Main Vulnerability Database Vulnerabilities #VU128947

Memory leak in Linux kernel - CVE-2026-31746

Published: May 2, 2026

Vulnerability identifier: #VU128947

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-31746

CWE-ID: CWE-401

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a memory leak in the s390 zcrypt CCA card accelerator handling for clear key RSA requests when processing ME and CRT requests. A local user can trigger repeated clear key RSA requests to cause a denial of service.

The issue occurs when CCA cards are used as an accelerator.

How to mitigate CVE-2026-31746

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/586222c37d4027dbf60a604fbe820184fee7c1c9
https://git.kernel.org/stable/c/ace37bfec3822033e59fff390f2ff99fc96ebe4f
https://git.kernel.org/stable/c/c8d46f17c2fc7d25c18e60c008928aecab26184d

Memory leak in Linux kernel - CVE-2026-31746

Detailed vulnerability description

How to mitigate CVE-2026-31746

Sources

Please verify you're human