Bounds Check Bypass in Linux Kernel Affects Module Loader Functionality
CVE-2026-31521

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31521?

A vulnerability in the Linux kernel arises from the module loader's failure to validate the bounds of the ELF section index during symbol simplification. Specifically, when accessing symbols in the ELF section, an out-of-bounds symbol table index, such as 0xffff, can lead to a kernel panic. This condition can occur either from legitimate use cases or due to corruption. The oversight permits exploitation that can result in system instability or crashes. A patch has been introduced to enforce bounds checking on the symbol index to prevent this dangerous flaw from causing fatal exceptions.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5d16f519b6eb1d071807e57efe0df2baa8d32ad6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4bbdb0e48176fd281c2b9a211b110db6fd94e175

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 082f15d2887329e0f43fd3727e69365f5bfe5d2c

References

https://git.kernel.org/stable/c/5d16f519b6eb1d071807e57ef...

https://git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211...

https://git.kernel.org/stable/c/082f15d2887329e0f43fd3727...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31521 Data

JSON