Memory Handling Vulnerability in Linux Kernel for Raspberry Pi Devices
CVE-2026-31494
What is CVE-2026-31494?
A vulnerability in the Linux kernel affects Raspberry Pi devices, where an out-of-bounds write can occur due to improper handling of memory for network statistics. Specifically, the functions gem_get_sset_count and gem_get_ethtool_stats disagree on how they determine the number of active queues. Because of this mismatch, the statistics copy can attempt to write beyond the allocated memory, potentially exposing the device to instability or exploitation. A fix has been implemented to ensure that the size of the data copied corresponds to the number of actively used queues, which keeps the write within the allocated buffer.
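The size mismatch described above, as an added user-space model in C; it is not the kernel driver's code. The `model_*` names, the constants, and the assumption that the mismatched copy is sized by the maximum queue count are all illustrative.

```c
/* User-space model of the size mismatch; not the kernel driver's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define MAX_QUEUES   8  /* assumed: queues the hardware could expose */
#define BASE_STATS   4  /* assumed: device-wide counters */
#define QUEUE_STATS  3  /* assumed: counters per queue */

struct model_dev {
    unsigned int num_queues;                               /* queues in use */
    uint64_t stats[BASE_STATS + MAX_QUEUES * QUEUE_STATS]; /* driver-side store */
};

/* Entry count reported to the caller, which sizes its buffer from it. */
size_t model_sset_count(const struct model_dev *d)
{
    return BASE_STATS + (size_t)d->num_queues * QUEUE_STATS;
}

/* Entries the stats copy writes. Mismatched: sized by MAX_QUEUES (assumed). */
size_t model_copy_len(const struct model_dev *d, int fixed)
{
    return fixed ? model_sset_count(d)
                 : BASE_STATS + (size_t)MAX_QUEUES * QUEUE_STATS;
}

/* Allocate as the caller would, then copy. Returns entries written, -1 when
 * the copy length exceeds the buffer (the out-of-bounds write case, which
 * the model refuses instead of performing), or -2 on allocation failure. */
long model_get_stats(unsigned int queues, int fixed)
{
    struct model_dev d = { .num_queues = queues };
    size_t cap = model_sset_count(&d), n = model_copy_len(&d, fixed);
    uint64_t *buf = calloc(cap, sizeof(*buf));
    long ret = -1;

    if (!buf)
        return -2;
    if (n <= cap) {
        memcpy(buf, d.stats, n * sizeof(*buf));
        ret = (long)n;
    }
    free(buf);
    return ret;
}

int main(void)
{
    printf("2 queues, mismatched: %ld\n", model_get_stats(2, 0));
    printf("2 queues, fixed:      %ld\n", model_get_stats(2, 1));
    return 0;
}
```

In this model the mismatched copy only fits when every queue is in use, which is why the two functions must derive their sizes from the same queue count.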
Affected Version(s)
Linux 512286bbd4b7d5b15d26ba8078c8bfd1fc1129bd < 9738be665544281aa624842812c2fbfed6f88226
Linux 512286bbd4b7d5b15d26ba8078c8bfd1fc1129bd < 240c5302eed83e34e98db18f6795ee5f40814024
Linux 512286bbd4b7d5b15d26ba8078c8bfd1fc1129bd < 9596759a84e1dbf2670518d85e969208960041f9