CVE-2026-31463CRITICAL 9.8EPSS p29.6%

CVE-2026-31463CVE-2026-31463

Description

In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios without an ifs attached, but it did not handle the case where 1 << inode->i_blkbits matches the folio size but is different from the granularity used for the IO, which means IO can be submitted for less than the full folio for the !ifs case. In this case, the condition: if (*bytes_submitted == folio_len) ctx->cur_folio = NULL; in iomap_read_folio_iter() will not invalidate ctx->cur_folio, and iomap_read_end() will still be called on the folio even though the IO helper owns it and will finish the read on it. Fix this by unconditionally invalidating ctx->cur_folio for the !ifs case.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.38% probability of exploitation · percentile 29.6% · 2026-06-19T12:03:05Z
Published2026-04-22
Last modified2026-05-07

References

  1. https://git.kernel.org/stable/c/4a927f670cdb0def226f9f85f42a9f19d9e09c88
  2. https://git.kernel.org/stable/c/bd71fb3fea9945987053968f028a948997cba8cc

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-31589
CVE
CVE-2026-31449
CVE
CVE-2026-31456
CVE
CVE-2026-31597
CVE
CVE-2026-31455
CVE
CVE-2026-31464
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.