Main Vulnerability Database Exploits ID:12611 - Exploit for Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-31413

ID:12611 - Exploit for Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-31413

Published: April 17, 2026

Vulnerability identifier: #VU125836

Vulnerability risk: Low

CVE-ID: CVE-2026-31413

CWE-ID: CWE-670

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/Rat5ak/bpf-research

Vulnerability description

The vulnerability allows a local user to access out-of-bounds map memory.

The vulnerability exists due to improper handling of scalar state forking in maybe_fork_scalars() when processing BPF_OR operations with a constant source operand. A local user can execute a crafted BPF program to access out-of-bounds map memory.

The issue is caused by a verifier/runtime divergence when the destination register has a signed range of [-1, 0].

Remediation

Install security update from vendor's repository.

ID:12611 - Exploit for Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-31413

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human