CVE-2026-31451
Improper Error Handling in Linux ext4 Causes Kernel Panic
Publication date: 2026-04-22
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 3.8 (inc) to 6.6.131 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ext4 filesystem code, specifically in the function ext4_read_inline_folio.
Previously, when the inline data size exceeded the PAGE_SIZE, the kernel would trigger a BUG_ON(), causing a kernel panic and system crash.
The fix replaces this BUG_ON() with proper error handling that prevents the kernel panic, allowing the system to continue running while reporting the filesystem corruption.
The error is logged using ext4_error_inode(), the buffer head is released to prevent memory leaks, and the function returns -EFSCORRUPTED to indicate filesystem corruption.
How can this vulnerability impact me? :
If unpatched, this vulnerability can cause the Linux kernel to panic and crash when the inline data size in ext4 exceeds PAGE_SIZE.
Such kernel panics lead to system downtime and potential data loss or corruption.
With the fix, the system avoids crashing by handling the error gracefully, logging the issue, and indicating filesystem corruption, which helps maintain system stability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to the Linux kernel ext4 filesystem handling where improper error handling could cause a kernel panic. Detection involves monitoring system logs for filesystem corruption errors.
Specifically, look for error messages logged by ext4_error_inode() indicating filesystem corruption.
You can check system logs using commands such as:
- dmesg | grep ext4_error_inode
- journalctl -k | grep ext4_error_inode
- grep -i ext4 /var/log/syslog
Additionally, running filesystem checks (fsck) on ext4 partitions may help detect corruption.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by replacing BUG_ON() with proper error handling in the ext4_read_inline_folio function.
Immediate mitigation steps include updating your Linux kernel to a version that includes this fix.
Until the update is applied, monitor for filesystem corruption errors and avoid operations that may trigger inline data size exceeding PAGE_SIZE.
Regular backups of important data are recommended to prevent data loss in case of filesystem corruption.