CVE-2026-31449
Out-of-Bounds Read in Linux Kernel ext4 Extent Index Validation
Publication date: 2026-04-22
Last updated on: 2026-05-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 2.6.19 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 2.6.19.1 (inc) to 6.12.80 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ext4 filesystem code, specifically in the function ext4_ext_correct_indexes. The function walks up the extent tree to correct index entries when the first extent in a leaf is modified. However, before accessing a particular index pointer (p_idx), the code does not validate whether p_idx is within the valid range of index entries for that level.
If the on-disk extent header contains a corrupted or maliciously crafted value for eh_entries, p_idx can point beyond the allocated buffer. This leads to a slab-out-of-bounds read, which is a type of memory access error.
The fix involves validating the p_idx pointer against the maximum allowed index (EXT_LAST_INDEX()) before accessing it, returning an error (-EFSCORRUPTED) if the pointer is out of range, consistent with other bounds checks in the ext4 extent tree code.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to perform an out-of-bounds read in memory when processing corrupted or crafted ext4 filesystem metadata. Such out-of-bounds reads can lead to system instability, crashes, or potentially expose sensitive kernel memory contents.
While the description does not explicitly mention privilege escalation or code execution, out-of-bounds reads can be leveraged by attackers to gain information about kernel memory layout or cause denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel ext4 subsystem involves improper validation of index bounds in ext4_ext_correct_indexes, which can cause slab-out-of-bounds reads.
To mitigate this vulnerability, you should update your Linux kernel to a version where this issue has been fixed. The fix involves validating the index pointer against EXT_LAST_INDEX() to prevent out-of-range access.
Applying the latest kernel patches or upgrading to a kernel version released after 2026-04-22, when this vulnerability was fixed, is the recommended immediate step.