Cyber Resilience

CVE-2026-31463

Critical

Published: 22 April 2026

Published
22 April 2026
Modified
07 May 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0038 29.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-31463 is a critical-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31463 is a critical vulnerability in the Linux kernel's iomap subsystem, stemming from improper handling of folios without an inline folio state (ifs) attached. Specifically, when the block size defined by 1 << inode->i_blkbits matches the folio size but differs from the I/O granularity, partial I/O submissions fail to invalidate the current folio context properly. This leads to invalid folio access, as iomap_read_folio_iter() does not clear ctx->cur_folio when bytes submitted equal folio length in non-ifs cases, causing iomap_read_end() to process a folio still owned by the I/O helper.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely by unauthenticated attackers with low complexity and no user interaction. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or denial of service within the kernel context.

Mitigation is available through kernel patches committed to stable branches, including commits 4a927f670cdb0def226f9f85f42a9f19d9e09c88 and bd71fb3fea9945987053968f028a948997cba8cc on git.kernel.org. These fixes unconditionally invalidate ctx->cur_folio in non-ifs cases to prevent the invalid access. Security practitioners should update affected Linux kernels to incorporate these stable commits.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios without an ifs…

more

attached, but it did not handle the case where 1 << inode->i_blkbits matches the folio size but is different from the granularity used for the IO, which means IO can be submitted for less than the full folio for the !ifs case. In this case, the condition: if (*bytes_submitted == folio_len) ctx->cur_folio = NULL; in iomap_read_folio_iter() will not invalidate ctx->cur_folio, and iomap_read_end() will still be called on the folio even though the IO helper owns it and will finish the read on it. Fix this by unconditionally invalidating ctx->cur_folio for the !ifs case.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel iomap flaw enables arbitrary code execution (and DoS/data corruption) in kernel context; directly maps to exploitation for privilege escalation to obtain root/system-level access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31474Same product: Linux Linux Kernel
CVE-2026-31516Same product: Linux Linux Kernel
CVE-2024-57792Same product: Linux Linux Kernel
CVE-2026-23326Same product: Linux Linux Kernel
CVE-2026-23280Same product: Linux Linux Kernel
CVE-2025-71123Same product: Linux Linux Kernel
CVE-2026-31570Same product: Linux Linux Kernel
CVE-2026-23288Same product: Linux Linux Kernel
CVE-2026-23014Same product: Linux Linux Kernel
CVE-2022-49275Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 6.19 — 6.19.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through kernel patching directly prevents exploitation of the iomap folio invalid access vulnerability.

detect

Vulnerability scanning identifies Linux kernels vulnerable to CVE-2026-31463's improper folio handling in the iomap subsystem.

prevent

Enforcing documented secure configuration settings for kernel versions and I/O parameters partially mitigates risks from mismatched block and I/O granularity.

References