cve-2026-31503

CVE-2026-31503 is a Linux kernel networking vulnerability affecting UDP wildcard bind conflict detection. When the code switches to the hash2 lookup path, a collision can be missed, allowing a wildcard bind such as [::]:8888 or 0.0.0.0:8888 to succeed even though specific-address sockets already occupy that port. The flaw impacts both IPv6 and IPv4 wildcard binds, including IPv4-mapped wildcard cases. The TCP side already has correct helper logic, which the UDP fix reuses after renaming and moving it into a shared header. This is a boundary-condition regression that can lead to unexpected socket binding behavior.