Expired Pointer Dereference The advisory has been revoked - it doesn't affect any version of package python-perf  (opens in a new tab)


Threat Intelligence

EPSS
0.12% (3rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS6-PYTHONPERF-16307549
  • published27 Apr 2026
  • disclosed25 Apr 2026

Introduced: 25 Apr 2026

CVE-2026-31680  (opens in a new tab)
CWE-825  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:6.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-perf package and not the python-perf package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: flowlabel: defer exclusive option free until RCU teardown

ip6fl_seq_show() walks the global flowlabel hash under the seq-file RCU read-side lock and prints fl->opt->opt_nflen when an option block is present.

Exclusive flowlabels currently free fl->opt as soon as fl->users drops to zero in fl_release(). However, the surrounding struct ip6_flowlabel remains visible in the global hash table until later garbage collection removes it and fl_free_rcu() finally tears it down.

A concurrent /proc/net/ip6_flowlabel reader can therefore race that early kfree() and dereference freed option state, triggering a crash in ip6fl_seq_show().

Fix this by keeping fl->opt alive until fl_free_rcu(). That matches the lifetime already required for the enclosing flowlabel while readers can still reach it under RCU.