CVE-2026-31435
Published: Apr 22, 2026
Modified: May 11, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place to start abandonment from, but it doesn't always have a useful value (it will be uninitialised on the first pass through the loop and it may point to a deleted subrequest on later passes). Fix the first jump to "abandon:" to set subreq to the start of the first subrequest expected to need retry (which, in this abandonment case, turned out unexpectedly to no longer have NEED_RETRY set). Also clear the subreq pointer after discarding superfluous retryable subrequests to cause an oops if we do try to access it.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ee4cdf7ba857a894ad1650d6ab77669cbbfa329e - < 3e5fd8f53b575ff2188f82071da19c977ca56c41affected ee4cdf7ba857a894ad1650d6ab77669cbbfa329e - < 8f2f2bd128a8d9edbc1e785760da54ada3df69b7affected ee4cdf7ba857a894ad1650d6ab77669cbbfa329e - < 7e57523490cd2efb52b1ea97f2e0a74c0fb634cd |
Linux | Linux | affected 6.12unaffected 0 - < 6.12unaffected 6.18.21 - <= 6.18.*unaffected 6.19.11 - <= 6.19.*unaffected 7.0 - <= * |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now