Signed Integer Vulnerability in Linux Kernel Affecting Division and Modulo Operations
CVE-2026-31525

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 April 2026

What is CVE-2026-31525?

In the Linux kernel, a flaw in the BPF interpreter's handling of signed 32-bit division and modulo operations can lead to undefined behavior. Specifically, the kernel's abs() macro fails when applied to the minimum value of a signed 32-bit integer, resulting in incorrect calculations and potential out-of-bounds access. This vulnerability arises from a mismatch between the verifier's calculation and the interpreter's handling of certain integer operations. A patch has been introduced to correctly manage these operations and prevent exploitation.
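
The failure mode described above, shown as an added example in user-space C; it is not the kernel's code or the upstream patch. The function names are hypothetical, and the divide-by-zero and INT32_MIN / -1 results are assumptions taken from the BPF instruction set documentation.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; names are hypothetical, not kernel identifiers. */

/* Magnitude of a signed 32-bit value, computed in unsigned arithmetic.
 * Unsigned negation wraps by definition, so INT32_MIN yields 2147483648
 * instead of the signed overflow (undefined behaviour) that -x causes. */
static uint32_t abs_s32(int32_t x)
{
    uint32_t u = (uint32_t)x;
    return x < 0 ? 0u - u : u;
}

/* Put the sign back without ever negating a signed value. The final
 * conversion wraps modulo 2^32 on GCC and Clang (two's complement). */
static int32_t with_sign(uint32_t mag, int negative)
{
    return (int32_t)(negative ? 0u - mag : mag);
}

/* Signed 32-bit division, truncating toward zero. Assumed edge cases,
 * per the BPF instruction set documentation: x / 0 == 0 and
 * INT32_MIN / -1 == INT32_MIN. */
static int32_t sdiv32(int32_t a, int32_t b)
{
    if (b == 0)
        return 0;
    return with_sign(abs_s32(a) / abs_s32(b), (a < 0) != (b < 0));
}

/* Signed 32-bit modulo; the result takes the dividend's sign.
 * Assumed edge cases: x % 0 == x and INT32_MIN % -1 == 0. */
static int32_t smod32(int32_t a, int32_t b)
{
    if (b == 0)
        return a;
    return with_sign(abs_s32(a) % abs_s32(b), a < 0);
}

int main(void)
{
    printf("|INT32_MIN| = %u\n", (unsigned)abs_s32(INT32_MIN));
    printf("INT32_MIN / -1 = %d\n", (int)sdiv32(INT32_MIN, -1));
    printf("INT32_MIN %% 3 = %d\n", (int)smod32(INT32_MIN, 3));
    return 0;
}
```

The magnitude of INT32_MIN does not fit in a signed 32-bit integer, so any range reasoning that assumes abs() returns a non-negative int is wrong for that one input.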

Affected Version(s)

Linux ec0e2da95f72d4a46050a4d994e4fe471474fd80 < 694ea55f1b1c74f9942d91ec366ae9e822422e42

Linux ec0e2da95f72d4a46050a4d994e4fe471474fd80 < 9ab1227765c446942f290c83382f0b19887c55cf

Linux ec0e2da95f72d4a46050a4d994e4fe471474fd80

Timeline

  • Vulnerability published

  • Vulnerability Reserved
