CVE-2026-31579
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
wg_netns_pre_exit() manually acquires rtnl_lock() inside the pernet .pre_exit callback. This causes a hung task when another thread holds rtnl_mutex - the cleanup_net workqueue (or the setup_net failure rollback path) blocks indefinitely in wg_netns_pre_exit() waiting to acquire the lock.
Convert to .exit_rtnl, introduced in commit 7a60d91c690b ("net: Add ->exit_rtnl() hook to struct pernet_operations."), where the framework already holds RTNL and batches all callbacks under a single rtnl_lock()/rtnl_unlock() pair, eliminating the contention window.
The rcu_assign_pointer(wg->creating_net, NULL) is safe to move from .pre_exit to .exit_rtnl (which runs after synchronize_rcu()) because all RCU readers of creating_net either use maybe_get_net()
- which returns NULL for a dying namespace with zero refcount - or access net->user_ns which remains valid throughout the entire ops_undo_list sequence.
[ Jason: added __net_exit and __read_mostly annotations that were missing. ]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 900575aa33a3eaaef802b31de187a85c4a4b4bd0 < 9a9e69155b2091b8297afaf1533b8d68a3096841 | affected |
| Linux | Linux | 900575aa33a3eaaef802b31de187a85c4a4b4bd0 < 1c52ef00e391144334f10995985c2f256d4be982 | affected |
| Linux | Linux | 900575aa33a3eaaef802b31de187a85c4a4b4bd0 < a1d0f6cbb962af29586e3e65a4bced1a5e39221f | affected |
| Linux | Linux | 900575aa33a3eaaef802b31de187a85c4a4b4bd0 < 60a25ef8dacb3566b1a8c4de00572a498e2a3bf9 | affected |
| Linux | Linux | 363cc6efdbb54bb06cd5034a69b41aae974a736f | affected |
| Linux | Linux | 5.7.7 < 5.8 | affected |
| Linux | Linux | 5.8 | affected |
| Linux | Linux | 0 < 5.8 | unaffected |
| Linux | Linux | 6.18.24 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.14 <= 6.19.* | unaffected |
| Linux | Linux | 7.0.1 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9a9e69155b2091b8297afaf1533b8d68a3096841
- https://git.kernel.org/stable/c/1c52ef00e391144334f10995985c2f256d4be982
- https://git.kernel.org/stable/c/a1d0f6cbb962af29586e3e65a4bced1a5e39221f
- https://git.kernel.org/stable/c/60a25ef8dacb3566b1a8c4de00572a498e2a3bf9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.