CVE-2026-31529

MEDIUM EPSS 1.4%

Published Apr 22, 20262mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 3.1

Medium

Published Apr 22, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group() needs to explicitly kfree the resource as it is too early for cxl_region_iomem_release() to do so.

CVSS Details

Base Score

5.5

Exploitability

1.8

Impact

3.6

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

1.4% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-401

Affected Products 6

Vendor	Product	Version	Range
linux	linux_kernel	*	≥6.19 – <6.19.11
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any
linux	linux_kernel	7.0	any

References 2

git.kernel.org https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791

Patch
git.kernel.org https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933

Patch

Remediation

git.kernel.org https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791

Patch
git.kernel.org https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933

Patch