Out-of-bounds read in Linux kernel - CVE-2026-31521
Published: April 24, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in simplify_symbols() when parsing a crafted module ELF file with an invalid section index. A local user can load a specially crafted module to cause a denial of service.
This can be triggered when the module ELF legitimately uses SHN_XINDEX or when the file is corrupted.
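The bounds check this class of bug calls for, as an added example (not the kernel's code and not the upstream patch): a user-space sketch in which a symbol's `st_shndx` indexes the section header table only after being compared with the section count, which covers both `SHN_XINDEX` and corrupted values. The function names `resolve_symbol` and `first_bad_symbol` and the sample data are assumptions made for illustration.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not kernel code: add the load address of the section
 * named in st_shndx to the symbol value. Returns 0 on success, -1 if rejected. */
int resolve_symbol(const Elf64_Shdr *sechdrs, unsigned int shnum,
                   const Elf64_Sym *sym, uint64_t *addr)
{
    switch (sym->st_shndx) {
    case SHN_UNDEF:  /* import: needs a lookup elsewhere, not handled here */
    case SHN_COMMON: /* no section base exists; rejected in this sketch */
        return -1;
    case SHN_ABS:    /* absolute value, nothing to add */
        *addr = sym->st_value;
        return 0;
    default:
        /* SHN_XINDEX (0xffff), other reserved values and corrupted indices
         * all land here; without this test sechdrs[] is read out of bounds. */
        if ((unsigned int)sym->st_shndx >= shnum)
            return -1;
        *addr = sechdrs[sym->st_shndx].sh_addr + sym->st_value;
        return 0;
    }
}

/* Index of the first defined symbol that fails validation, or -1 if none.
 * Entry 0 is the reserved null symbol and undefined symbols are skipped. */
long first_bad_symbol(const Elf64_Shdr *sechdrs, unsigned int shnum,
                      const Elf64_Sym *syms, size_t nsyms)
{
    uint64_t addr;
    for (size_t i = 1; i < nsyms; i++) {
        if (syms[i].st_shndx == SHN_UNDEF)
            continue;
        if (resolve_symbol(sechdrs, shnum, &syms[i], &addr) != 0)
            return (long)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: 3 sections, symbol 2 carries SHN_XINDEX. */
    Elf64_Shdr sh[3] = { {0}, { .sh_addr = 0x1000 }, { .sh_addr = 0x2000 } };
    Elf64_Sym syms[3] = { {0}, { .st_shndx = 1, .st_value = 0x10 },
                          { .st_shndx = SHN_XINDEX } };
    return first_bad_symbol(sh, 3, syms, 3) == 2 ? 0 : 1;
}
```

A loader that does not consume the extended index table (`SHT_SYMTAB_SHNDX`) has no valid section to associate with an `SHN_XINDEX` symbol, so rejecting the file is the safe outcome in that case.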
How to mitigate CVE-2026-31521
Sources
- https://git.kernel.org/stable/c/082f15d2887329e0f43fd3727e69365f5bfe5d2c
- https://git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211b110db6fd94e175
- https://git.kernel.org/stable/c/5d16f519b6eb1d071807e57efe0df2baa8d32ad6
- https://git.kernel.org/stable/c/6ba6957c640f58dc8ef046981a045da43e47ea23
- https://git.kernel.org/stable/c/ec2b22a58073f80739013588af448ff6e2ab906f
- https://git.kernel.org/stable/c/ef75dc1401d8e797ee51559a0dd0336c225e1776
- https://git.kernel.org/stable/c/f9d69d5e7bde2295eb7488a56f094ac8f5383b92