Out-of-bounds write in Linux kernel - CVE-2026-31494
Published: April 24, 2026
Vulnerability identifier: #VU127652
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31494
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in gem_get_ethtool_stats when handling ethtool statistics requests for devices that have fewer active queues than the maximum number of supported queues. A local user can send a crafted ioctl request to cause a denial of service.
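As an added illustration, not code from the kernel or from this advisory, the constructed C model below shows the bug class described above: a statistics routine whose loop bound is the hardware maximum number of queues, while the caller sized its buffer from the number of active queues. MAX_QUEUES, QUEUE_STATS_LEN, the struct layout and the function names are assumptions; the harness measures the overrun with canary words instead of triggering undefined behaviour, and the fixed variant is shown beside the vulnerable one.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_QUEUES 8       /* assumed hardware maximum number of queues */
#define QUEUE_STATS_LEN 2  /* assumed counters reported per queue */
#define CANARY 0xDEADBEEFCAFEF00DULL
struct queue { uint64_t rx_packets, tx_packets; };
struct dev { unsigned int num_queues; struct queue queues[MAX_QUEUES]; };

/* Mirrors get_sset_count: the count the ethtool core uses to size the buffer. */
size_t stats_count(const struct dev *d)
{
    return (size_t)d->num_queues * QUEUE_STATS_LEN;
}

/* Vulnerable pattern: the loop bound is MAX_QUEUES, not the count above. */
void fill_stats_vulnerable(const struct dev *d, uint64_t *buf)
{
    size_t i = 0;
    for (unsigned int q = 0; q < MAX_QUEUES; q++) {
        buf[i++] = d->queues[q].rx_packets;
        buf[i++] = d->queues[q].tx_packets;
    }
}

/* Fixed pattern: only the queues counted by stats_count() are written. */
void fill_stats_fixed(const struct dev *d, uint64_t *buf)
{
    size_t i = 0;
    for (unsigned int q = 0; q < d->num_queues; q++) {
        buf[i++] = d->queues[q].rx_packets;
        buf[i++] = d->queues[q].tx_packets;
    }
}

/* Harness: a stats_count()-sized region followed by canary words, so an overrun
 * shows up as clobbered canaries. Returns that count; 0 means in bounds. */
size_t overrun_for(unsigned int num_queues, int use_fixed)
{
    uint64_t storage[MAX_QUEUES * QUEUE_STATS_LEN];
    struct dev d = { .num_queues = num_queues > MAX_QUEUES ? MAX_QUEUES : num_queues };
    size_t n = stats_count(&d), clobbered = 0;
    for (unsigned int q = 0; q < MAX_QUEUES; q++)   /* constructed sample counters */
        d.queues[q].rx_packets = 100 + q, d.queues[q].tx_packets = 200 + q;
    for (size_t i = n; i < MAX_QUEUES * QUEUE_STATS_LEN; i++)
        storage[i] = CANARY;
    (use_fixed ? fill_stats_fixed : fill_stats_vulnerable)(&d, storage);
    for (size_t i = n; i < MAX_QUEUES * QUEUE_STATS_LEN; i++)
        clobbered += storage[i] != CANARY;
    return clobbered;
}
```

With two of eight queues active, the vulnerable fill clobbers 12 words past the reported count while the fixed fill clobbers none; when all queues are active the two behave identically, which is why the defect only surfaces on devices with fewer active queues.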
How to mitigate CVE-2026-31494
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/240c5302eed83e34e98db18f6795ee5f40814024
- https://git.kernel.org/stable/c/72d96e4e24bbefdcfbc68bdb9341a05d8f5cb6e5
- https://git.kernel.org/stable/c/7ff87da099210856cbfe2f2f7f52ddfa57af4f0c
- https://git.kernel.org/stable/c/95246341945163ad9a250a87ca5bd1c1252777ae
- https://git.kernel.org/stable/c/9596759a84e1dbf2670518d85e969208960041f9
- https://git.kernel.org/stable/c/9738be665544281aa624842812c2fbfed6f88226
- https://git.kernel.org/stable/c/9d74d10e4e26672e139a8bcf8bf95957bf2d160f
- https://git.kernel.org/stable/c/e182fe273cdf5a8931592228196ef514ffac392b