Cyber Resilience

CVE-2026-31389

HighUpdated

Published: 03 April 2026

Published
03 April 2026
Modified
20 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31389 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-31389 is a use-after-free vulnerability in the Linux kernel's SPI subsystem. It arises during SPI controller registration when per-CPU statistics allocation fails, leading to improper handling that can result in use-after-free of driver resources and unclocked register accesses. The issue affects the Linux kernel and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Exploitation could grant high-impact access to confidential data, modification of system integrity, and denial-of-service via availability disruption, such as through arbitrary code execution or kernel crashes triggered by the use-after-free.

Mitigation involves applying patches from Linux kernel stable repositories, as detailed in the referenced commits: 0e23f50086da7d0b183dfeac26021acfcdee086b, 23b51bad2eb8787aa74324cfccefb258515ae5ba, 6bbd385b30c7fb6c7ee0669e9ada91490938c051, 80f3e8cd2b4ad355b2ad2024cf423f6d183404f7, and 8634e05b08ead636e926022f4a98416e13440df9. These fixes ensure deregistration from the driver core occurs even if allocation fails during registration.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free…

more

(of driver resources) and unclocked register accesses.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in Linux kernel SPI subsystem directly enables local privilege escalation via arbitrary code execution or kernel-level access from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel
CVE-2026-23001Same product: Linux Linux Kernel
CVE-2024-50051Same product: Linux Linux Kernel
CVE-2025-21759Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 6.0 — 6.1.167 · 6.2 — 6.6.130 · 6.7 — 6.12.78

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely patching of the use-after-free flaw in the Linux kernel SPI controller registration process.

prevent

Mandates fail-safe procedures during resource allocation failures to ensure proper deregistration and avoid use-after-free.

prevent

Implements memory safeguards that mitigate exploitation of the use-after-free vulnerability for code execution or crashes.

References