Use-after-free in Linux kernel - CVE-2026-31454
Published: April 24, 2026
Vulnerability identifier: #VU127698
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31454
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in xfs_inode_item_push() and xfs_qm_dquot_logitem_push() when performing buffer I/O after dropping the AIL lock in push callbacks. A local user can trigger log item reclaim and subsequent dereference of a freed li_ailp pointer to cause a denial of service.
How to mitigate CVE-2026-31454
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/19437e4f7bb909afde832b39372aa2f3ce3cfd88
- https://git.kernel.org/stable/c/394d70b86fae9fe865e7e6d9540b7696f73aa9b6
- https://git.kernel.org/stable/c/4c7d50147316cf049462f327c4a3e9dc2b7f1dd0
- https://git.kernel.org/stable/c/50f5f056807b7bed74f4f307f2ca0ed92f3e556d
- https://git.kernel.org/stable/c/6dbe17f19c290a72ce57d5abc70e1fad0c3e14e5
- https://git.kernel.org/stable/c/75669e987137f49c99ca44406bf0200d1892dd16
- https://git.kernel.org/stable/c/d8fc60bbaf5aea1604bf9f4ed565da6a1ac7a87d
- https://git.kernel.org/stable/c/edd1637d4e3911ab6c760f553f2040fe72f61a13