CVE-2026-31768
Published: 01 May 2026
Summary
CVE-2026-31768 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-31768 is a vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the ti-adc161s626 ADC driver. The issue arises from the use of stack-allocated memory for the spi_read() function, which is not DMA-safe. All SPI buffers must be DMA-safe to prevent potential corruption or crashes during direct memory access operations by the hardware. The fix involves allocating a DMA-safe buffer, limited to a u8 array for up to 3 bytes, and adjusting the associated conversion functions accordingly.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, as indicated by the CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The unchanged scope suggests the impact remains within the vulnerable component.
Mitigation requires updating to a patched Linux kernel version that includes the relevant stable commits. Key patches are available at: https://git.kernel.org/stable/c/014c6d27878d3883f7bb065610768fd021de1a96, https://git.kernel.org/stable/c/67b3a91bdc48220bfb67155ab528121b9c822782, https://git.kernel.org/stable/c/768461517a28d80fe81ea4d5d03a90cd184ea6ad, https://git.kernel.org/stable/c/b3bb8faeca1a2ef7be95ee8a512b639f9ffce947, and https://git.kernel.org/stable/c/d2d031b0786ea66ab0577c9d2d71435068d32199.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26581
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe. Since we…
more
only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption vulnerability in a device driver (non-DMA-safe stack buffer) directly enables local privilege escalation via exploitation of the flaw, matching T1068 with high CIA impact from low-privileged local access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation through applying kernel patches directly fixes the use of non-DMA-safe stack memory in the ti-adc161s626 driver, preventing exploitation.
Memory protection mechanisms like IOMMU or kernel address space protections mitigate corruption risks from DMA operations to unsafe stack buffers.
Least functionality restricts loading unnecessary drivers like ti-adc161s626, avoiding exposure to this specific vulnerability.