CVE-2026-31438

Source
https://cve.org/CVERecord?id=CVE-2026-31438
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31438.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31438
Downstream
Published
2026-04-22T13:53:37.053Z
Modified
2026-07-15T01:49:16.408342091Z
Summary
netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix kernel BUG in netfslimititer() for ITER_KVEC iterators

When a process crashes and the kernel writes a core dump to a 9P filesystem, _kernelwrite() creates an ITERKVEC iterator. This iterator reaches netfslimititer() via netfsunbufferedwrite(), which only handles ITERFOLIOQ, ITERBVEC and ITERXARRAY iterator types, hitting the BUG() for any other type.

Fix this by adding netfslimitkvec() following the same pattern as netfslimitbvec(), since both kvec and bvec are simple segment arrays with pointer and length fields. Dispatch it from netfslimititer() when the iterator type is ITER_KVEC.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31438.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cae932d3aee55035a54415dcea8e7ecf2ec469b5
Fixed
18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
Fixed
4bc2d72c7695cedf6d4e1a558924903c2b28a78e
Fixed
00d6df7115f6972370974212de9088087820802e
Fixed
67e467a11f62ff64ad219dc6aa5459e132c79d14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31438.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31438.json"