CVE-2026-31471

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: iptfs: only publish mode_data after clone setup<br /> <br /> iptfs_clone_state() stores x-&gt;mode_data before allocating the reorder<br /> window. If that allocation fails, the code frees the cloned state and<br /> returns -ENOMEM, leaving x-&gt;mode_data pointing at freed memory.<br /> <br /> The xfrm clone unwind later runs destroy_state() through x-&gt;mode_data,<br /> so the failed clone path tears down IPTFS state that clone_state()<br /> already freed.<br /> <br /> Keep the cloned IPTFS state private until all allocations succeed so<br /> failed clones leave x-&gt;mode_data unset. The destroy path already<br /> handles a NULL mode_data pointer.