Use-After-Free Vulnerability in Linux Kernel Affecting F2FS Filesystem
CVE-2026-31702

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-31702?

A use-after-free vulnerability has been identified in the Linux kernel's F2FS filesystem, in the f2fs_compress_write_end_io function. When the function decrements the page count to zero, a concurrent unmount operation is allowed to proceed and may free critical memory structures while they are still in use. This race condition can lead to a use-after-free, in which the system accesses a memory region that has already been deallocated, creating instability and security concerns for affected systems. The issue has been addressed by rearranging the order of operations so that memory access is completed before the page count is decremented, which prevents the race condition from occurring.
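
The ordering problem described above, reduced to a single-threaded user-space C model (an added example, not the kernel's code or the upstream patch). The struct, the function names and the released flag are hypothetical; the unmount is called inline at the point where the concurrent thread would win the race.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for per-mount state; not the kernel's structure. */
struct mount_state {
    int pending_pages;  /* pages still under writeback */
    bool released;      /* models the free without real undefined behaviour */
    int completed;      /* state the completion handler still needs to update */
};

/* Models unmount: once no pages are pending it releases the mount state. */
static void unmount_if_idle(struct mount_state *ms) {
    if (ms->pending_pages == 0) ms->released = true;
}

/* Handler's access to mount state; returns true if it came after release. */
static bool touch_state(struct mount_state *ms) {
    if (ms->released) return true;  /* in a real kernel: the use-after-free */
    ms->completed++;
    return false;
}

/* Racy order: drop the count first, then keep using the mount state. */
static bool end_io_decrement_first(struct mount_state *ms) {
    ms->pending_pages--;
    unmount_if_idle(ms);        /* worst-case interleaving: unmount runs here */
    return touch_state(ms);
}

/* Fixed order: finish every access, make the decrement the last step. */
static bool end_io_access_first(struct mount_state *ms) {
    bool stale = touch_state(ms);
    ms->pending_pages--;
    unmount_if_idle(ms);        /* unmount may proceed; nothing is touched after */
    return stale;
}

/* Runs one completion on a fresh mount with a single pending page. */
bool stale_access(bool fixed_order) {
    struct mount_state ms = { .pending_pages = 1 };
    return fixed_order ? end_io_access_first(&ms) : end_io_decrement_first(&ms);
}

int main(void) {
    printf("decrement first: stale access = %d\n", stale_access(false));
    printf("access first:    stale access = %d\n", stale_access(true));
    return 0;
}
```

When reviewing similar completion handlers, the check is the same: no dereference of teardown-protected state may follow the decrement that can release the waiter.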

Affected Version(s)

Linux 4c8ff7095bef64fc47e996a938f7d57f9e077da3
