Cyber Resilience

CVE-2026-31435

High

Published: 22 April 2026

Published
22 April 2026
Modified
19 May 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0034 26.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-31435 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31435 is a vulnerability in the Linux kernel's netfs subsystem, specifically affecting read request retry handling. During retries, all remaining subrequests from a read can be improperly abandoned because the 'subreq' variable is either uninitialized on the first loop pass or points to a deleted subrequest on subsequent passes. This leads to incorrect abandonment starting points, as the process expects a valid 'subreq' to identify where to begin.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating it is exploitable over the network by unauthenticated attackers requiring low attack complexity and user interaction. Successful exploitation can result in high impacts to confidentiality, integrity, and availability of the affected system.

Patches addressing this issue are available in the Linux kernel stable tree via the following commits: https://git.kernel.org/stable/c/3e5fd8f53b575ff2188f82071da19c977ca56c41, https://git.kernel.org/stable/c/7e57523490cd2efb52b1ea97f2e0a74c0fb634cd, and https://git.kernel.org/stable/c/8f2f2bd128a8d9edbc1e785760da54ada3df69b7. These fixes properly set 'subreq' to the first retry-needing subrequest before abandonment and clear the pointer afterward to prevent invalid access.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to…

more

be set to the place to start abandonment from, but it doesn't always have a useful value (it will be uninitialised on the first pass through the loop and it may point to a deleted subrequest on later passes). Fix the first jump to "abandon:" to set subreq to the start of the first subrequest expected to need retry (which, in this abandonment case, turned out unexpectedly to no longer have NEED_RETRY set). Also clear the subreq pointer after discarding superfluous retryable subrequests to cause an oops if we do try to access it.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel memory corruption (invalid subreq pointer during netfs read retries) enables remote client-side code execution via crafted network FS traffic (T1203) and subsequent kernel-level privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31570Same product: Linux Linux Kernel
CVE-2026-23099Same product: Linux Linux Kernel
CVE-2026-23406Same product: Linux Linux Kernel
CVE-2026-23407Same product: Linux Linux Kernel
CVE-2026-23288Same product: Linux Linux Kernel
CVE-2021-47633Same product: Linux Linux Kernel
CVE-2026-31413Same product: Linux Linux Kernel
CVE-2022-49503Same product: Linux Linux Kernel
CVE-2025-71112Same product: Linux Linux Kernel
CVE-2026-43025Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 6.12 — 6.18.21 · 6.19 — 6.19.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of the Linux kernel netfs flaw through application of stable tree patches to prevent improper subrequest abandonment during read retries.

detect

Vulnerability scanning and monitoring identifies systems running vulnerable Linux kernel versions affected by the netfs read retry abandonment issue.

detect

Ensures awareness and dissemination of security advisories for Linux kernel patches addressing the netfs subrequest handling flaw.

References