CVE-2026-31431
high
KEV
CVSS v3: 7.8
CVSS v4: -
VIR risk: 10.0
Description
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
CISA KEV
- Vendor: Linux
- Product: Kernel
- Due date: 2026-05-15
Predictions
Exploit likelihood: 99%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 7.0 | Affected | - |
| - | Affected | 5.10.254 |
SUSE Affected 10 releases
| Version | Status | Fixed in |
|---|---|---|
| 16.1 | Affected | - |
| 16.0 | Affected | - |
| 15.6 | Affected | - |
| 15.5 | Affected | - |
| 15.4 | Affected | - |
| 15.3 | Affected | - |
| 15 | Affected | - |
| 12 | Affected | - |
| 11 | Affected | - |
| - | Affected | - |
Ubuntu Affected 8 releases
| Version | Status | Fixed in |
|---|---|---|
| 25.10 | Affected | - |
| 24.04 | Affected | - |
| 22.04 | Affected | - |
| 20.04 | Affected | - |
| 18.04 | Affected | - |
| 16.04 | Affected | - |
| 14.04 | Affected | - |
| - | Affected | - |
Debian Mixed 8 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.85-1 |
| sid | Fixed | 6.19.12-1 |
| forky | Fixed | 6.19.12-1 |
| bullseye | Fixed | 5.10.251-3 |
| bookworm | Fixed | 6.1.170-1 |
| 13.0 | Affected | - |
| 12.0 | Affected | - |
| 11.0 | Affected | - |
Red Hat Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| 10.1 | Affected | - |
| 10.0 | Affected | - |
| 9.0 | Affected | - |
| 9 | Fixed | - |
| 8.0 | Affected | - |
| 8 | Fixed | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | rtla-5.14.0-611.54.1.el9_7.aarch64.rpm |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Fixed | 6.19.12-1 |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | openshift_container_platform | 4.0 | |
| suse | caas_platform | 4.0 | |
| suse | enterprise_storage | 6.0 | |
| suse | enterprise_storage | 7.0 | |
| suse | enterprise_storage | 7.1 | |
| suse | manager_proxy | 4.0 | |
| suse | manager_proxy | 4.1 | |
| suse | manager_proxy | 4.2 | |
| suse | manager_proxy | 4.3 | |
| suse | manager_retail_branch_server | 4.0 | |
| suse | manager_retail_branch_server | 4.1 | |
| suse | manager_retail_branch_server | 4.2 | |
| suse | manager_retail_branch_server | 4.3 | |
| suse | manager_server | 4.0 | |
| suse | manager_server | 4.1 | |
| suse | manager_server | 4.2 | |
| suse | manager_server | 4.3 | |
| suse | openstack_cloud | 9.0 | |
| suse | openstack_cloud_crowbar | 9.0 | |
| arista | cloudvision_agni | 2024.4.0 to 2025.2.2 (inclusive) | |
| arista | cloudvision_portal | 2024.2.0 to 2026.1.0 (inclusive) | |
| arista | velocloud_edge | 4.5.0 to 6.4.1 (inclusive) | |
| arista | velocloud_gateway | - | |
| vmware | velocloud_orchestrator | - | |
| aws | aws | | |
| aws | linux-kernels | | |
References
- https://access.redhat.com/errata/RHSA-2026:13565
- https://access.redhat.com/errata/RHSA-2026:15978
- https://access.redhat.com/errata/RHSA-2026:19225
- https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
- https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
- https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
- https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
- https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
- https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
- https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
- https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
- http://www.openwall.com/lists/oss-security/2026/04/29/23
- http://www.openwall.com/lists/oss-security/2026/04/29/25
- http://www.openwall.com/lists/oss-security/2026/04/29/26
- http://www.openwall.com/lists/oss-security/2026/04/30/10
- http://www.openwall.com/lists/oss-security/2026/04/30/11
- http://www.openwall.com/lists/oss-security/2026/04/30/12
- http://www.openwall.com/lists/oss-security/2026/04/30/14
- http://www.openwall.com/lists/oss-security/2026/04/30/15
- http://www.openwall.com/lists/oss-security/2026/04/30/16
- http://www.openwall.com/lists/oss-security/2026/04/30/17
- http://www.openwall.com/lists/oss-security/2026/04/30/18
- http://www.openwall.com/lists/oss-security/2026/04/30/2
- http://www.openwall.com/lists/oss-security/2026/04/30/20
- http://www.openwall.com/lists/oss-security/2026/04/30/5
CWEs
CWE-669