CVE-2026-31597 in Linuxالمعلومات

الملخص

بحسب MITRE • 24/04/2026

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY

filemap_fault() may drop the mmap_lock before returning VM_FAULT_RETRY, as documented in mm/filemap.c:

"If our return value has VM_FAULT_RETRY set, it's because the mmap_lock may be dropped before doing I/O or by lock_folio_maybe_drop_mmap()."

When this happens, a concurrent munmap() can call remove_vma() and free the vm_area_struct via RCU. The saved 'vma' pointer in ocfs2_fault() then becomes a dangling pointer, and the subsequent trace_ocfs2_fault() call dereferences it -- a use-after-free.

Fix this by saving ip_blkno as a plain integer before calling filemap_fault(), and removing vma from the trace event. Since ip_blkno is copied by value before the lock can be dropped, it remains valid regardless of what happens to the vma or inode afterward.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Linux

حجز

09/03/2026

إفشاء

24/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-359433

EPSS

0.00015

KEV

لا

النشاطات

منخفض جدًا

القطاع

Telecommunication, Police, ...

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-31597
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-31597
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-31597/

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!