{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31579","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.119Z","datePublished":"2026-04-24T14:42:10.208Z","dateUpdated":"2026-05-11T22:11:31.251Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:11:31.251Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit\n\nwg_netns_pre_exit() manually acquires rtnl_lock() inside the\npernet .pre_exit callback.  This causes a hung task when another\nthread holds rtnl_mutex - the cleanup_net workqueue (or the\nsetup_net failure rollback path) blocks indefinitely in\nwg_netns_pre_exit() waiting to acquire the lock.\n\nConvert to .exit_rtnl, introduced in commit 7a60d91c690b (\"net:\nAdd ->exit_rtnl() hook to struct pernet_operations.\"), where the\nframework already holds RTNL and batches all callbacks under a\nsingle rtnl_lock()/rtnl_unlock() pair, eliminating the contention\nwindow.\n\nThe rcu_assign_pointer(wg->creating_net, NULL) is safe to move\nfrom .pre_exit to .exit_rtnl (which runs after synchronize_rcu())\nbecause all RCU readers of creating_net either use maybe_get_net()\n- which returns NULL for a dying namespace with zero refcount - or\naccess net->user_ns which remains valid throughout the entire\nops_undo_list sequence.\n\n[ Jason: added __net_exit and __read_mostly annotations that were missing. ]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireguard/device.c"],"versions":[{"version":"900575aa33a3eaaef802b31de187a85c4a4b4bd0","lessThan":"9a9e69155b2091b8297afaf1533b8d68a3096841","status":"affected","versionType":"git"},{"version":"900575aa33a3eaaef802b31de187a85c4a4b4bd0","lessThan":"1c52ef00e391144334f10995985c2f256d4be982","status":"affected","versionType":"git"},{"version":"900575aa33a3eaaef802b31de187a85c4a4b4bd0","lessThan":"a1d0f6cbb962af29586e3e65a4bced1a5e39221f","status":"affected","versionType":"git"},{"version":"900575aa33a3eaaef802b31de187a85c4a4b4bd0","lessThan":"60a25ef8dacb3566b1a8c4de00572a498e2a3bf9","status":"affected","versionType":"git"},{"version":"363cc6efdbb54bb06cd5034a69b41aae974a736f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireguard/device.c"],"versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","status":"unaffected","versionType":"semver"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0.1","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1-rc1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.18.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.19.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"7.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"7.1-rc1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9a9e69155b2091b8297afaf1533b8d68a3096841"},{"url":"https://git.kernel.org/stable/c/1c52ef00e391144334f10995985c2f256d4be982"},{"url":"https://git.kernel.org/stable/c/a1d0f6cbb962af29586e3e65a4bced1a5e39221f"},{"url":"https://git.kernel.org/stable/c/60a25ef8dacb3566b1a8c4de00572a498e2a3bf9"}],"title":"wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit","x_generator":{"engine":"bippy-1.2.0"}}}}