BPF Exception Handling Flaw in Linux Kernel by Linux Foundation
CVE-2026-31526

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31526?

A critical exception handling flaw in the Linux kernel's BPF subsystem can lead to resource leaks and potential system instability. The vulnerability arises during the execution of static subprograms, where the handling of exception exits may bypass necessary cleanup processes, leaving user-acquired locks unaddressed. The error message prefix has been updated in the latest patches to ensure clear identification of issues related to the bpf_throw function. Users of affected Linux kernel versions are advised to update to mitigate associated risks.

Affected Version(s)

Linux f18b03fabaa9b7c80e80b72a621f481f0d706ae0

Linux f18b03fabaa9b7c80e80b72a621f481f0d706ae0 < 5a399f3117642494e35545f6ca397d3e177c1f9b

Linux f18b03fabaa9b7c80e80b72a621f481f0d706ae0 < 6c2128505f61b504c79a20b89596feba61388112

References

https://git.kernel.org/stable/c/c0281da1f2aa5c2fca3a05f79...

https://git.kernel.org/stable/c/5a399f3117642494e35545f6c...

https://git.kernel.org/stable/c/6c2128505f61b504c79a20b89...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31526 Data

JSON