CVE-2026-31438
MEDIUM EPSS 2.3%
Published Apr 22, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Apr 22, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, __kernel_write() creates an ITER_KVEC iterator. This iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types, hitting the BUG() for any other type. Fix this by adding netfs_limit_kvec() following the same pattern as netfs_limit_bvec(), since both kvec and bvec are simple segment arrays with pointer and length fields. Dispatch it from netfs_limit_iter() when the iterator type is ITER_KVEC.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 9
References 4
- git.kernel.org https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e
- git.kernel.org https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
- git.kernel.org https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e
- git.kernel.org https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14
Remediation
- git.kernel.org https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e
- git.kernel.org https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
- git.kernel.org https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e
- git.kernel.org https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14