CVE-2026-31554 (GCVE-0-2026-31554)
Vulnerability from cvelistv5
Published
2026-04-24 14:35
Modified
2026-04-27 14:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
futex: Require sys_futex_requeue() to have identical flags
Nicholas reported that his LLM found it was possible to create a UaF
when sys_futex_requeue() is used with different flags. The initial
motivation for allowing different flags was the variable sized futex,
but since that hasn't been merged (yet), simply mandate the flags are
identical, as is the case for the old style sys_futex() requeue
operations.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/futex/syscalls.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "027145ace09fad4c7cbcd6c61fe9b429c63eb0e5",
"status": "affected",
"version": "0f4b5f972216782a4acb1ae00dcb55173847c2ff",
"versionType": "git"
},
{
"lessThan": "18b7d09c2b794c71d4252f3ea2cf84ad12b73d6a",
"status": "affected",
"version": "0f4b5f972216782a4acb1ae00dcb55173847c2ff",
"versionType": "git"
},
{
"lessThan": "e2f78c7ec1655fedd945366151ba54fcb9580508",
"status": "affected",
"version": "0f4b5f972216782a4acb1ae00dcb55173847c2ff",
"versionType": "git"
},
{
"lessThan": "19f94b39058681dec64a10ebeb6f23fe7fc3f77a",
"status": "affected",
"version": "0f4b5f972216782a4acb1ae00dcb55173847c2ff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/futex/syscalls.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.80",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.21",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.11",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Require sys_futex_requeue() to have identical flags\n\nNicholas reported that his LLM found it was possible to create a UaF\nwhen sys_futex_requeue() is used with different flags. The initial\nmotivation for allowing different flags was the variable sized futex,\nbut since that hasn\u0027t been merged (yet), simply mandate the flags are\nidentical, as is the case for the old style sys_futex() requeue\noperations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T14:04:02.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/027145ace09fad4c7cbcd6c61fe9b429c63eb0e5"
},
{
"url": "https://git.kernel.org/stable/c/18b7d09c2b794c71d4252f3ea2cf84ad12b73d6a"
},
{
"url": "https://git.kernel.org/stable/c/e2f78c7ec1655fedd945366151ba54fcb9580508"
},
{
"url": "https://git.kernel.org/stable/c/19f94b39058681dec64a10ebeb6f23fe7fc3f77a"
}
],
"title": "futex: Require sys_futex_requeue() to have identical flags",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31554",
"datePublished": "2026-04-24T14:35:38.527Z",
"dateReserved": "2026-03-09T15:48:24.115Z",
"dateUpdated": "2026-04-27T14:04:02.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…