Double Free Vulnerability in Linux Kernel's Page Table Management
CVE-2026-31686

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-31686?

A vulnerability in the Linux kernel's memory management system, specifically within the KASAN (Kernel Address Sanitizer) mechanism, leads to a double free condition when handling page tables. This issue arises particularly in the powerpc architecture, where it was assumed that the page table structure would always be aligned with the sizes defined in memory management. The flaw causes KASAN to incorrectly free memory associated with the page table, potentially leading to memory corruption and other unforeseen consequences in systems reliant on these operations. This issue has been addressed by modifying how the kernel calculates the address of the page tables, ensuring alignment and preventing further double free occurrences.

Affected Version(s)

Linux 0207df4fa1a869281ddbf72db6203dbf036b3e1a

References

https://git.kernel.org/stable/c/cec74b2ab7dff866b1d77eaa5...

https://git.kernel.org/stable/c/a05f77cb227c39c5069aea6f1...

https://git.kernel.org/stable/c/f6204f7ff6aff62ce6242a769...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31686 Data

JSON