Cyber Resilience

CVE-2026-31554

High

Published: 24 April 2026

Published
24 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31554 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31554 is a use-after-free vulnerability (CWE-416) in the Linux kernel's futex subsystem. It arises in the sys_futex_requeue() function, which previously permitted operations with different flags between the source and destination futexes, enabling a use-after-free condition. This issue was resolved by mandating identical flags for such operations, consistent with the legacy sys_futex() requeue behavior, as the original motivation—support for variable-sized futexes—has not been merged.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it with low complexity and no user interaction required, potentially achieving high impacts on confidentiality, integrity, and availability through kernel memory corruption via the use-after-free.

Mitigation patches are available in Linux kernel stable trees via the referenced commits, including 027145ace09fad4c7cbcd6c61fe9b429c63eb0e5, 18b7d09c2b794c71d4252f3ea2cf84ad12b73d6a, 19f94b39058681dec64a10ebeb6f23fe7fc3f77a, and e2f78c7ec1655fedd945366151ba54fcb9580508. These enforce identical flags in sys_futex_requeue(), eliminating the flaw.

The vulnerability was reported by Nicholas, who noted that his LLM identified the use-after-free possibility in sys_futex_requeue() with differing flags.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeue() to have identical flags Nicholas reported that his LLM found it was possible to create a UaF when sys_futex_requeue() is used with different flags. The initial motivation…

more

for allowing different flags was the variable sized futex, but since that hasn't been merged (yet), simply mandate the flags are identical, as is the case for the old style sys_futex() requeue operations.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free in futex enables direct exploitation for privilege escalation (memory corruption to root from low-priv user).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2023-52974Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2022-49176Same product: Linux Linux Kernel
CVE-2022-49291Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.7, 7.0 · 6.7.1 — 6.12.80 · 6.13 — 6.18.21 · 6.19 — 6.19.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation directly addresses the CVE by applying kernel patches that enforce identical flags in sys_futex_requeue, eliminating the use-after-free vulnerability.

prevent

Memory protection mechanisms such as KASLR, SMEP, and KSMAP protect against kernel use-after-free exploits by enforcing memory separation and preventing unauthorized code execution.

prevent

Information input validation for kernel system calls like sys_futex_requeue ensures flag parameters are checked, preventing invalid operations that trigger the use-after-free condition.

References