CVE-2026-31431HIGH 7.8CISA KEVEPSS p99.8%

CVE-2026-31431Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux / Kernel

Description

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Scoring

CVSS 3.17.8 (HIGH)
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS94.02% probability of exploitation · percentile 99.8% · 2026-06-18T12:00:27Z
Published2026-04-22
Last modified2026-05-21

CISA KEV entry

Added to KEV: 2026-05-01

Underlying weaknesses· 1

CWE-669

References

  1. https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
  2. https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
  3. https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
  4. https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
  5. https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
  6. https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
  7. https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
  8. https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

1

TypeTargetConfidenceTier
WeaknessIncorrect Resource Transfer Between Spherescwe-6690%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryLinux Kernel Incorrect Resource Transfer Between Spheres Vulnerabilitykev-cve-2026-314310%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Linux Kernel Improper Authentication Vulnerability
CVE
CVE-2023-0266
CVE
Linux Kernel Privilege Escalation Vulnerability
CVE
Linux Kernel Improper Privilege Management Vulnerability
CVE
Linux Kernel Heap Out-of-Bounds Write Vulnerability
CVE
Linux Kernel Use of Uninitialized Resource Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.