Use After Free Vulnerability in Linux Kernel Affects Various Distributions
CVE-2026-31703
What is CVE-2026-31703?
A vulnerability exists in the Linux kernel's inode management code, specifically in the inode_switch_wbs_work_fn() function. It arises from improper management of work structures and can lead to a use-after-free. When the function processes items in a loop, a lack of proper checks may allow the associated work structure to be freed while it is still pending, exposing systems to potential instability and security risks. The fix removes the loop so that the work structure is retained for as long as it is needed and cannot be freed while other operations are pending.
Affected Version(s)
Linux e1b849cfa6b61f1c866a908c9e8dd9b5aaab820b < 028103656b84273c73e9e271cf95c9f3421f4b8a
Linux e1b849cfa6b61f1c866a908c9e8dd9b5aaab820b < 9223e5f30403a9b506d6d0bff4f2e29a2d7d46af
Linux e1b849cfa6b61f1c866a908c9e8dd9b5aaab820b < 6689f01d6740cf358932b3e97ee968c6099800d9
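
One way to apply the ranges above to a local kernel git checkout, as an added example that is not part of the original advisory or of the kernel project's tooling. It assumes each line reads "introduced by commit A, fixed by commit B" and that the tree keeps upstream commit hashes; the names `cve_status` and `is_ancestor` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel git checkout against the commit ranges
# listed for CVE-2026-31703.
# Assumption: "A < B" means "introduced by commit A, fixed by commit B".

INTRODUCED=e1b849cfa6b61f1c866a908c9e8dd9b5aaab820b
FIXES="028103656b84273c73e9e271cf95c9f3421f4b8a
9223e5f30403a9b506d6d0bff4f2e29a2d7d46af
6689f01d6740cf358932b3e97ee968c6099800d9"

# is_ancestor REPO COMMIT REV: succeeds when COMMIT is reachable from REV.
# git exits 1 for "not an ancestor" and 128 when COMMIT is unknown to the
# repository; both are treated here as "not contained".
is_ancestor() {
    git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null
}

# cve_status REPO [REV]: prints one of
#   not-affected   the introducing commit is not in REV's history
#   fixed <sha>    the introducing commit and this fix commit are both present
#   affected       the introducing commit is present, no listed fix is
cve_status() {
    repo=$1
    rev=${2:-HEAD}
    if ! is_ancestor "$repo" "$INTRODUCED" "$rev"; then
        echo "not-affected"
        return 0
    fi
    for fix in $FIXES; do
        if is_ancestor "$repo" "$fix" "$rev"; then
            echo "fixed $fix"
            return 0
        fi
    done
    echo "affected"
}

# Runs only when given a repository path and, optionally, a revision:
#   sh check.sh /path/to/linux HEAD
if [ "$#" -gt 0 ]; then
    cve_status "$@"
fi
```

A vendor tree that cherry-picked the fix under a different hash reports `affected`, and a shallow clone can hide the introducing commit, so run this against a full-history checkout and confirm vendor kernels against the distribution's own advisory.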