CVE-2026-31521
Out-of-Bounds Index Vulnerability in Linux Kernel Module Loader Causes Panic
Publication date: 2026-04-22
Last updated on: 2026-04-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 5.16 (inc) to 6.1.168 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.21 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.11 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.131 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.80 (exc) |
| linux | linux_kernel | From 2.6.12.1 (inc) to 5.15.203 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's module loader, specifically in the simplify_symbols() function. The function does not properly check if the ELF section index (st_shndx) of a symbol is within valid bounds before using it.
If a symbol has an out-of-bounds st_shndx value, such as 0xffff (which corresponds to special values like SHN_XINDEX or SHN_HIRESERVE), the kernel may attempt to access invalid memory addresses. This can cause a kernel panic, resulting in a fatal exception and system crash.
The issue can occur either when a module ELF legitimately uses these special section indices or if the module is corrupted. The fix involves adding a bounds check to ensure st_shndx is valid before it is used.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by adding a bounds check in the simplify_symbols() function of the Linux kernel module loader to validate that the ELF symbol section index (st_shndx) is within the valid range before use.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
How can this vulnerability impact me? :
This vulnerability can cause a kernel panic, which leads to a system crash and loss of availability. If exploited or triggered, it can disrupt normal system operations, potentially causing downtime or requiring a reboot.
Since the kernel panic is caused by invalid memory access due to out-of-bounds section indices in kernel modules, it may also be exploited to cause denial of service on affected Linux systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a kernel panic caused by an out-of-bounds ELF section index (st_shndx) in the Linux kernel module loader. Detection would typically involve monitoring for kernel panic messages related to simplify_symbols or unusual module loading failures.
You can check your system logs (e.g., using dmesg or journalctl) for kernel panic messages referencing simplify_symbols or related faults.
- dmesg | grep -i 'simplify_symbols'
- journalctl -k | grep -i 'kernel panic'
- journalctl -k | grep -i 'simplify_symbols'
Additionally, inspecting loaded kernel modules for corrupted or suspicious ELF symbols might require specialized tools or scripts, but no specific commands are provided in the available information.