CVE-2026-31438 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

When a process crashes and the kernel writes a core dump to a 9P
filesystem, __kernel_write() creates an ITER_KVEC iterator. This
iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which
only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types,
hitting the BUG() for any other type.

Fix this by adding netfs_limit_kvec() following the same pattern as
netfs_limit_bvec(), since both kvec and bvec are simple segment arrays
with pointer and length fields. Dispatch it from netfs_limit_iter() when
the iterator type is ITER_KVEC.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e
https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e
https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14

History

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, __kernel_write() creates an ITER_KVEC iterator. This iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types, hitting the BUG() for any other type. Fix this by adding netfs_limit_kvec() following the same pattern as netfs_limit_bvec(), since both kvec and bvec are simple segment arrays with pointer and length fields. Dispatch it from netfs_limit_iter() when the iterator type is ITER_KVEC.
Title		netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:53:37.053Z

Updated: 2026-04-22T13:53:37.053Z

Reserved: 2026-03-09T15:48:24.090Z

Link: CVE-2026-31438

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:37.100

Modified: 2026-04-22T14:16:37.100

Link: CVE-2026-31438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T16:30:21Z

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object