Polling Queue Vulnerability in Linux Kernel Affects Multiple Distributions
CVE-2026-31523

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31523?

In the Linux kernel, a vulnerability exists in the nvme-pci component that allows a user to modify the polled queue count at runtime. During specific reset conditions, there is a potential race condition where a high-priority task may attempt to poll a queue that hasn't yet been updated by the block layer. This discrepancy could lead to double completions and impact system performance. Addressing this issue is crucial for maintaining the reliability and integrity of systems using the Linux kernel.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 965e2c943f065122f14282a88d70a8a92e12a4da

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0685dd9cb855ab77fcf3577b4702ba1d6df1c98d

References

https://git.kernel.org/stable/c/965e2c943f065122f14282a88...

https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409...

https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31523 Data

JSON