Race condition in Linux kernel - CVE-2026-31466
Published: April 24, 2026
Vulnerability identifier: #VU127684
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31466
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in softleaf_to_folio() and softleaf_to_page() when handling migration entries during concurrent folio splitting and zap_nonpresent_ptes() processing. A local user can trigger the race to cause a denial of service.
The issue can result in VM_WARN_ON_ONCE() being triggered, and on systems before commit 93976a20345b it can manifest as a BUG_ON().
How to mitigate CVE-2026-31466
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/426ee10711586617da869c8bb798214965337617
- https://git.kernel.org/stable/c/4c5e7f0fcd592801c9cc18f29f80fbee84eb8669
- https://git.kernel.org/stable/c/722cfaf6b31d31123439e67b5deac6b1261a3dea
- https://git.kernel.org/stable/c/7ad1997b9bc8032603df8f091761114479285769
- https://git.kernel.org/stable/c/7ddcf4a245c1c5a91fdd9698757e3d95179ffe41
- https://git.kernel.org/stable/c/8bfb8414e9f2ce6f5f2f0e3d0da52f2d132128e7
- https://git.kernel.org/stable/c/b8c49ad888892ad7b77062b9c102b799a3e9b4f8
- https://git.kernel.org/stable/c/f1acf5887c2bbaf998dc3fe32c72b7a8b84a3ddd