CVE-2026-31468

HIGH EPSS 2.2%

Published Apr 22, 20262mo ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Apr 22, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to only use dma_buf_put() after dma_buf_export(), instead falling through the entire unwind chain. In the unlikely event that we encounter file descriptor exhaustion, this can result in an unbalanced refcount on the vfio device and double free of allocated objects. Avoid this by moving the "put" directly into the error path and return the errno rather than entering the unwind chain.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

2.2% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-415

Affected Products 6

Vendor	Product	Version	Range
linux	linux_kernel	*	≥6.19 – <6.19.11
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any

References 2

git.kernel.org https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516

Patch
git.kernel.org https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c

Patch

Remediation

git.kernel.org https://git.kernel.org/stable/c/83ad334afc9a645cef1062f5346526b1e36d6516

Patch
git.kernel.org https://git.kernel.org/stable/c/e98137f0a874ab36d0946de4707aa48cb7137d1c

Patch