Improper Validation of Specified Index, Position, or Offset in Input

The advisory has been revoked - it doesn't affect any version of package perf


Threat Intelligence

EPSS
0.13% (3rd percentile)

  • Snyk ID: SNYK-CENTOS6-PERF-16307507
  • Published: 27 Apr 2026
  • Disclosed: 25 Apr 2026

Introduced: 25 Apr 2026

CVE-2026-31675
CWE-1285

Amendment

The Centos security team deemed this advisory irrelevant for Centos:6.

NVD Description

Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_netem: fix out-of-bounds access in packet corruption

In netem_enqueue(), the packet corruption logic uses get_random_u32_below(skb_headlen(skb)) to select an index for modifying skb->data. When an AF_PACKET TX_RING sends fully non-linear packets over an IPIP tunnel, skb_headlen(skb) evaluates to 0.

Passing 0 to get_random_u32_below() takes the variable-ceil slow path which returns an unconstrained 32-bit random integer. Using this unconstrained value as an offset into skb->data results in an out-of-bounds memory access.

Fix this by verifying skb_headlen(skb) is non-zero before attempting to corrupt the linear data area. Fully non-linear packets will silently bypass the corruption logic.
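
The check described above, as a user-space model added here for illustration (not the kernel patch or kernel code). The names model_random_u32, model_random_u32_below, pick_index_unchecked and corrupt_linear are hypothetical, the xorshift PRNG is a deterministic stand-in, and the single-bit flip is an assumed form of "corruption".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in PRNG (xorshift32) so the model is deterministic; not the kernel RNG. */
static uint32_t rng_state = 0x9e3779b9u;
static uint32_t model_random_u32(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* Models the behaviour the description gives for get_random_u32_below():
 * a ceil of 0 yields an unconstrained 32-bit value, not a bounded one. */
static uint32_t model_random_u32_below(uint32_t ceil)
{
    uint32_t r = model_random_u32();
    if (ceil == 0)
        return r;
    return (uint32_t)(((uint64_t)ceil * r) >> 32); /* always < ceil */
}

/* Pre-fix pattern: the index is chosen without checking the linear length. */
static uint32_t pick_index_unchecked(uint32_t headlen)
{
    return model_random_u32_below(headlen);
}

/* Post-fix pattern: corrupt only when the linear area is non-empty.
 * Returns false, leaving data untouched, for a fully non-linear packet. */
static bool corrupt_linear(uint8_t *data, uint32_t headlen)
{
    if (headlen == 0)
        return false;
    data[model_random_u32_below(headlen)] ^= 1u << model_random_u32_below(8);
    return true;
}

int main(void)
{
    uint8_t buf[16] = {0}; /* constructed sample standing in for skb->data */
    printf("unchecked index, headlen 0: %u\n", pick_index_unchecked(0));
    printf("guarded, headlen 0:  %d\n", corrupt_linear(buf, 0));
    printf("guarded, headlen 16: %d\n", corrupt_linear(buf, sizeof buf));
    return 0;
}
```

With a linear length of 0 every index is out of bounds, so the only safe outcome is to skip the write, which is what the guard does.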