CVE-2026-31664

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: clear trailing padding in build_polexpire()<br /> <br /> build_expire() clears the trailing padding bytes of struct<br /> xfrm_user_expire after setting the hard field via memset_after(),<br /> but the analogous function build_polexpire() does not do this for<br /> struct xfrm_user_polexpire.<br /> <br /> The padding bytes after the __u8 hard field are left<br /> uninitialized from the heap allocation, and are then sent to<br /> userspace via netlink multicast to XFRMNLGRP_EXPIRE listeners,<br /> leaking kernel heap memory contents.<br /> <br /> Add the missing memset_after() call, matching build_expire().