Out-of-Bounds Write Vulnerability in Linux Kernel Affecting iavf Component
CVE-2026-31505

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 April 2026

What is CVE-2026-31505?

A vulnerability in the iavf component of the Linux kernel can lead to out-of-bounds writes, particularly when the ethtool commands 'ethtool -L' and 'ethtool -S' run concurrently. The cause is the improper use of real_num_tx_queues at runtime, which can produce a mismatch between the expected and the actual number of active queues. To mitigate this, the num_tx_queues value should be used consistently across all related functions, so that boundary checks are properly enforced and memory corruption is prevented.
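The mismatch described above, as an added userspace model in C (not the iavf driver's code and not taken from the kernel patch). All names except num_tx_queues and real_num_tx_queues are hypothetical, the constants are constructed, and the model counts the entries that would land past the buffer instead of writing them.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_QUEUES 16     /* constructed value for the allocated maximum */
#define STATS_PER_QUEUE 2 /* constructed: two counters per queue */

struct model_netdev {
    unsigned int num_tx_queues;      /* fixed when the device is allocated */
    unsigned int real_num_tx_queues; /* active count, changed by "ethtool -L" */
};

/* Racy pattern: buffer size derived from the runtime-variable count. */
static size_t sset_count_racy(const struct model_netdev *nd)
{
    return (size_t)nd->real_num_tx_queues * STATS_PER_QUEUE;
}

/* Mitigated pattern: buffer size derived from the stable maximum. */
static size_t sset_count_fixed(const struct model_netdev *nd)
{
    return (size_t)nd->num_tx_queues * STATS_PER_QUEUE;
}

/* Fills at most cap entries; returns how many entries did not fit. */
static size_t fill_stats(uint64_t *buf, size_t cap, unsigned int nqueues)
{
    size_t need = (size_t)nqueues * STATS_PER_QUEUE, i;
    for (i = 0; i < need && i < cap; i++)
        buf[i] = 0;
    return need > cap ? need - cap : 0;
}

/* Replays the interleaving: size the buffer, resize the queues, then fill. */
static size_t replay(int fixed, unsigned int before, unsigned int after)
{
    struct model_netdev nd = { MAX_QUEUES, before };
    uint64_t buf[MAX_QUEUES * STATS_PER_QUEUE];
    size_t cap;
    if (before > MAX_QUEUES || after > MAX_QUEUES) return (size_t)-1;
    cap = fixed ? sset_count_fixed(&nd) : sset_count_racy(&nd);
    nd.real_num_tx_queues = after; /* concurrent "ethtool -L" lands here */
    return fill_stats(buf, cap, fixed ? nd.num_tx_queues : nd.real_num_tx_queues);
}

int main(void)
{
    printf("racy: %zu fixed: %zu\n", replay(0, 4, 8), replay(1, 4, 8));
    return 0;
}
```

A non-zero result from replay() is the number of stat entries an unchecked fill would have written beyond the buffer sized for the earlier queue count.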

Affected Version(s)

Linux 64430f70ba6fcd5872ac190f4ae3ddee3f48f00d < 1f931dee5b726df1940348ec31614d64bac03aa6

Linux 64430f70ba6fcd5872ac190f4ae3ddee3f48f00d

