Kernel Vulnerability Affecting Linux Products Due to Unvalidated Pointer in ATM Services
CVE-2026-31411

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-31411?

A vulnerability in the Linux kernel's ATM subsystem arises from the handling of a vcc pointer, which is retrieved from userspace without proper validation. An attacker can send a crafted message to the kernel, leading to the dereferencing of an arbitrary pointer, which could potentially compromise system memory integrity. This security gap necessitates careful validation of incoming pointers to prevent unauthorized access and ensure robust system protection.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1c8bda3df028d5e54134077dcd09f46ca8cfceb5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3e1a8b00095246a9a2b46b57f6d471c6d3c00ed2

References

https://git.kernel.org/stable/c/c96549d07dfdd51aadf0722cf...

https://git.kernel.org/stable/c/1c8bda3df028d5e54134077dc...

https://git.kernel.org/stable/c/3e1a8b00095246a9a2b46b57f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31411 Data

JSON