CVE-2026-31438
Kernel BUG Triggered by Improper Iterator Handling in Linux netfs
Publication date: 2026-04-22
Last updated on: 2026-04-22
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfs subsystem. When a process crashes and the kernel attempts to write a core dump to a 9P filesystem, it uses an iterator of type ITER_KVEC in the __kernel_write() function. The netfs_limit_iter() function, which is called during this write, only handles the ITER_FOLIOQ, ITER_BVEC, and ITER_XARRAY iterator types. When it is handed an ITER_KVEC iterator, it has no handler for that type and triggers a kernel BUG().
The fix adds support for the ITER_KVEC iterator type by implementing netfs_limit_kvec(), similar to the existing netfs_limit_bvec(), and dispatching to it from netfs_limit_iter(). This prevents the kernel BUG from occurring when handling ITER_KVEC iterators.
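A userspace model of the dispatch described above, added here as an illustration and not the kernel patch or kernel source: `model_limit_iter()` returns a sentinel where the unpatched kernel would hit BUG(), and `model_limit_segs()` walks a segment array under a byte limit and a segment limit. All `model_*` names, the `patched` flag, the shared walker for both types and the use of `struct iovec` in place of `struct kvec` are assumptions.

```c
#include <stddef.h>
#include <sys/uio.h>  /* struct iovec stands in for the kernel's struct kvec */

enum model_type { MODEL_ITER_BVEC, MODEL_ITER_KVEC };
#define MODEL_WOULD_BUG ((size_t)-1)  /* stands in for the kernel hitting BUG() */

struct model_iter {
    enum model_type type;
    const struct iovec *vec;  /* segment array */
    size_t nr_segs;
    size_t iov_offset;        /* bytes already consumed from vec[0] */
    size_t count;             /* bytes left in the iterator */
};

/* Bytes usable from start_offset within max_size bytes and max_segs segments. */
static size_t model_limit_segs(const struct model_iter *it, size_t start_offset,
                               size_t max_size, size_t max_segs)
{
    size_t ix = 0, nsegs = 0, span = 0, skip, left;

    if (start_offset >= it->count)
        return 0;
    left = it->count - start_offset;
    skip = it->iov_offset + start_offset;
    /* Step over segments that lie wholly before the starting point. */
    while (ix < it->nr_segs && skip >= it->vec[ix].iov_len)
        skip -= it->vec[ix++].iov_len;
    /* Accumulate segments until a byte or segment limit is reached. */
    while (left && ix < it->nr_segs && span < max_size && nsegs < max_segs) {
        size_t len = it->vec[ix++].iov_len - skip;
        if (len > left) len = left;
        if (len > max_size - span) len = max_size - span;
        span += len; left -= len; nsegs++; skip = 0;
    }
    return span;
}

/* Dispatcher: patched == 0 models the pre-fix behaviour (no KVEC handler). */
static size_t model_limit_iter(const struct model_iter *it, size_t start_offset,
                               size_t max_size, size_t max_segs, int patched)
{
    switch (it->type) {
    case MODEL_ITER_BVEC:  /* handled before and after the fix */
        return model_limit_segs(it, start_offset, max_size, max_segs);
    case MODEL_ITER_KVEC:  /* the type used on the core-dump write path */
        return patched ? model_limit_segs(it, start_offset, max_size, max_segs)
                       : MODEL_WOULD_BUG;
    }
    return MODEL_WOULD_BUG;  /* any type with no limiter */
}
```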
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to hit a BUG() and potentially crash or become unstable when writing core dumps to a 9P filesystem after a process crash. This could lead to system instability or denial of service conditions during such events.