Reachable assertion in Linux kernel - CVE-2026-31451
Published: April 24, 2026
Vulnerability identifier: #VU127695
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31451
CWE-ID: CWE-617
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of oversized inline data in ext4_read_inline_folio when reading inline data from a crafted ext4 filesystem. A local user can trigger processing of inline data whose size exceeds PAGE_SIZE to cause a denial of service.
How to mitigate CVE-2026-31451
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf
- https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd
- https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda
- https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2
- https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed