In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already detached the device. Dropping the netdev reference in destroy can race with concurrent readers that still observe vport->dev. Do not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let vport_netdev_free() drop the reference from the RCU callback, matching the non-tunnel destroy path and avoiding additional synchronization under RTNL.

A flaw was found in the Linux kernel's Open vSwitch (OVS) component. A race condition can occur during the destruction of a network device (netdev) tunnel, where the `ovs_netdev_tunnel_destroy()` function may attempt to release a device reference while other parts of the system are still actively using it. This timing issue, or race condition, could lead to system instability or a denial of service (DoS) due to improper resource handling.

Open vSwitch tunnel destroy could drop netdev references too early; upstream defers `netdev_put()` to RCU free. Red Hat recommends OVS users take virtualization/networking kernel updates. To mitigate this issue, prevent the openvswitch module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31678 https://nvd.nist.gov/vuln/detail/CVE-2026-31678 https://lore.kernel.org/linux-cve-announce/2026042544-CVE-2026-31678-79f5@gregkh/T