CVE-2026-31438

April 23, 2026, 4:17 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, __kernel_write() creates an ITER_KVEC iterator. This iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types, hitting the BUG() for any other type. Fix this by adding netfs_limit_kvec() following the same pattern as netfs_limit_bvec(), since both kvec and bvec are simple segment arrays with pointer and length fields. Dispatch it from netfs_limit_iter() when the iterator type is ITER_KVEC.

Product(s) Impacted

Vendor Product Versions
Linux
  • Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux kernel / / / / / / / /

References

https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e
https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e
https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-04-22
CVE-2026-31438

Timeline

Published: April 22, 2026, 2:16 p.m.
Last Modified: April 23, 2026, 4:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.