Cyber Resilience

CVE-2026-31782

HighUpdated

Published: 01 May 2026

Published
01 May 2026
Modified
11 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31782 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-31782 is a vulnerability in the Linux kernel's perf/x86 subsystem, specifically within the intel_pmu_hw_config function. The issue arises during auto counter reload operations involving groups of events that include software events. When such a group is processed, the software event PMU is not the x86_hybrid_pmu, leading to an unsafe container_of operation in intel_pmu_set_acr_caused_constr (invoked via a hybrid helper). This can result in out-of-bounds memory reads.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary memory reads and related disruptions within the kernel context.

Mitigation is provided through kernel patches available in stable releases, as detailed in the referenced commits: bfee04838f636d064bc92075c65c95f739003804, dbde07f06226438cd2cf1179745fa1bec5d8914a, and e435a30ca6fe14c9611b1fc731c98a6d28410247. These patches resolve the issue by adding an is_x86_event check to guard the call to intel_pmu_set_acr_caused_constr, preventing the invalid container_of usage. Security practitioners should apply these updates to affected Linux kernel versions.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container_of in intel_pmu_hw_config Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86_hybrid_pmu and…

more

a container_of operation in intel_pmu_set_acr_caused_constr (via the hybrid helper) could cause out of bound memory reads. Avoid this by guarding the call to intel_pmu_set_acr_caused_constr with an is_x86_event check.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Local kernel OOB memory read in perf enables direct exploitation for privilege escalation (T1068) and credential access via arbitrary kernel memory reads (T1212).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31708Same product: Linux Linux Kernel
CVE-2024-57928Same product: Linux Linux Kernel
CVE-2026-31449Same product: Linux Linux Kernel
CVE-2026-23076Same product: Linux Linux Kernel
CVE-2025-71136Same product: Linux Linux Kernel
CVE-2025-71101Same product: Linux Linux Kernel
CVE-2026-31528Same product: Linux Linux Kernel
CVE-2024-57982Same product: Linux Linux Kernel
CVE-2026-43048Same product: Linux Linux Kernel
CVE-2026-23406Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.16, 7.0 · 6.16.1 — 6.18.22 · 6.19 — 6.19.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of the kernel flaw via patches that add the is_x86_event check to prevent out-of-bounds memory reads in intel_pmu_hw_config.

prevent

Implements memory protection controls to restrict unauthorized kernel memory access and mitigate exploitation of out-of-bounds reads from unsafe container_of operations.

prevent

Enforces secure kernel configuration settings, such as enabling hardware memory protections or restricting perf subsystem usage to minimize exposure to the vulnerability.

References