Home / Vulnerability Intelligence / CVE-2026-31589

CVE-2026-31589 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 27, 2026

Linux Kernel - Use After Free

Published: April 24, 2026Updated: April 27, 2026Remote Exploitable

Overview

Linux kernel contains a use-after-free vulnerability caused by improper handling of folio_unmap_invalidate() leading to access of freed mapping->a_ops, letting attackers cause memory corruption, exploit requires kernel code execution.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can cause memory corruption or kernel crashes, potentially leading to privilege escalation or denial of service.

Mitigation

Update to the latest Linux kernel version containing the fix.

References

https://git.kernel.org/stable/c/b667df39d98a7a24be7c2a40ff0863dac1ad2cd7
https://git.kernel.org/stable/c/c330e65ea59c4805d6ab6757c4ddfe8c63acef31
https://git.kernel.org/stable/c/615d9bb2ccad42f9e21d837431e401db2e471195

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31589
Severity: Critical
CVSS Score: 9.8
Type: use_after_free
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H