CVE-2026-31782
Memory Corruption in Linux Kernel perf/x86
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to perf/x86 has been resolved by fixing a potential bad container_of operation in intel_pmu_hw_config. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
Specifically, ensure your kernel includes the patch that guards the call to intel_pmu_set_acr_caused_constr with an is_x86_event check to avoid out of bound memory reads.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's perf subsystem for x86 architectures. It involves a potential issue with the container_of operation in the intel_pmu_set_acr_caused_constr function, which is part of the performance monitoring unit (PMU) handling code. Specifically, when auto counter reload includes a group of events with software events, the software event PMU is not the x86_hybrid_pmu, and the container_of operation could lead to out-of-bounds memory reads. The fix involves adding a check (is_x86_event) to guard the call and prevent this unsafe memory access.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory reads in the Linux kernel's performance monitoring code. Such memory access issues can potentially cause system instability, crashes, or expose sensitive kernel memory contents, which could be exploited by attackers to gain unauthorized information or escalate privileges.