Cyber Resilience

CVE-2026-31768

High

Published: 01 May 2026

Published
01 May 2026
Modified
11 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31768 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-31768 is a vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the ti-adc161s626 ADC driver. The issue arises from the use of stack-allocated memory for the spi_read() function, which is not DMA-safe. All SPI buffers must be DMA-safe to prevent potential corruption or crashes during direct memory access operations by the hardware. The fix involves allocating a DMA-safe buffer, limited to a u8 array for up to 3 bytes, and adjusting the associated conversion functions accordingly.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, as indicated by the CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The unchanged scope suggests the impact remains within the vulnerable component.

Mitigation requires updating to a patched Linux kernel version that includes the relevant stable commits. Key patches are available at: https://git.kernel.org/stable/c/014c6d27878d3883f7bb065610768fd021de1a96, https://git.kernel.org/stable/c/67b3a91bdc48220bfb67155ab528121b9c822782, https://git.kernel.org/stable/c/768461517a28d80fe81ea4d5d03a90cd184ea6ad, https://git.kernel.org/stable/c/b3bb8faeca1a2ef7be95ee8a512b639f9ffce947, and https://git.kernel.org/stable/c/d2d031b0786ea66ab0577c9d2d71435068d32199.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() Add a DMA-safe buffer and use it for spi_read() instead of a stack memory. All SPI buffers must be DMA-safe. Since we…

more

only need up to 3 bytes, we just use a u8[] instead of __be16 and __be32 and change the conversion functions appropriately.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption vulnerability in a device driver (non-DMA-safe stack buffer) directly enables local privilege escalation via exploitation of the flaw, matching T1068 with high CIA impact from low-privileged local access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 4.9 — 6.1.168 · 6.2 — 6.6.134 · 6.7 — 6.12.81

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation through applying kernel patches directly fixes the use of non-DMA-safe stack memory in the ti-adc161s626 driver, preventing exploitation.

prevent

Memory protection mechanisms like IOMMU or kernel address space protections mitigate corruption risks from DMA operations to unsafe stack buffers.

prevent

Least functionality restricts loading unnecessary drivers like ti-adc161s626, avoiding exposure to this specific vulnerability.

References