SB2026042561 - Integer overflow in Linux kernel mm



SB2026042561 - Integer overflow in Linux kernel mm

Published: April 25, 2026

Security Bulletin ID SB2026042561
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Integer overflow (CVE-ID: CVE-2026-31648)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to an integer overflow in filemap_map_pages() when mapping file-backed folios during a race with file size truncation. A local user can trigger the race to cause memory corruption.

The issue can cause mappings to extend beyond the large folio size and corrupt fields of pages that do not belong to that folio.


Remediation

Install update from vendor's website.