CVE-2026-31742
Kernel Oops in Linux Console Unicode Buffer Handling
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a kernel oops caused by out-of-bounds memory access in the Linux console unicode buffer after resizing the console in the alternate screen mode.
To detect this issue on your system, you can monitor your kernel logs for messages indicating a kernel oops related to the console unicode buffer or memory access errors after resizing the console.
- Use the command `dmesg | grep -i 'BUG: unable to handle page fault'` to check for kernel oops messages.
- Look for messages referencing `csi_J` or memory addresses similar to those described in the vulnerability (e.g., out-of-bounds access).
- Check for system instability or crashes when resizing the console in alternate screen mode.
There are no specific network detection commands since this is a local kernel vulnerability related to console operations.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's handling of the console's alternate screen buffer during a resize operation. When the system switches to the alternate screen, it saves the current unicode buffer and sets the active buffer to NULL. If the console is resized while in the alternate screen, the code fails to reallocate the unicode buffer properly because it detects the active buffer as NULL. However, the saved buffer still points to the old memory area allocated for the original screen size.
Later, when the system leaves the alternate screen and tries to restore the saved buffer, the dimensions of this buffer no longer match the current console size. Any operation that iterates over this buffer using the new dimensions can access memory beyond the allocated area, causing a kernel crash (kernel oops) due to out-of-bounds memory access.
The fix involves checking if the console dimensions changed while in the alternate screen and, if so, freeing the stale saved buffer instead of restoring it. The unicode screen buffer will then be rebuilt as needed.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash unexpectedly due to out-of-bounds memory access when resizing the console while using the alternate screen buffer. Such a kernel crash (kernel oops) can lead to system instability, potential data loss, and denial of service as the system may become unresponsive or require a reboot.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is caused by stale unicode buffers being restored after a console resize in the Linux kernel, leading to out-of-bounds memory access and kernel oops.
To mitigate this vulnerability, update the Linux kernel to a version where this issue is fixed. The fix involves checking if console dimensions changed while in the alternate screen and freeing the stale saved buffer instead of restoring it.
Until the kernel is updated, avoid operations that trigger console resize events while using the alternate screen buffer to reduce the risk of kernel crashes.