Out-of-Bound Memory Access in Linux Kernel Affecting Performance Monitoring Units
CVE-2026-31528

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31528?

A vulnerability in the Linux kernel involves improper handling of performance monitoring unit (PMU) transactions leading to potential out-of-bound memory access. This issue arises when group scheduling fails and requires a rollback, but the wrong PMU transaction callbacks are invoked. Consequently, when event context cloning occurs, it can lead to improper PMU context inheritance, potentially compromising system stability and security. The vulnerability has been addressed to ensure the correct PMU context is consistently used across all scheduled events, enhancing the integrity of kernel performance monitoring.

Affected Version(s)

Linux bd27568117664b8b3e259721393df420ed51f57b < 656f35b463995bee024d948440128230aacd81e1

Linux bd27568117664b8b3e259721393df420ed51f57b < 3a696e84a8b1fafdd774bb30d62919faf844d9e4

Linux bd27568117664b8b3e259721393df420ed51f57b < 35f7914e54fe7f13654c22ee045b05e4b6d8062b

References

https://git.kernel.org/stable/c/656f35b463995bee024d94844...

https://git.kernel.org/stable/c/3a696e84a8b1fafdd774bb30d...

https://git.kernel.org/stable/c/35f7914e54fe7f13654c22ee0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31528 Data

JSON