Out-of-Bounds Write Vulnerability in Linux Kernel's NTFS3 Handling
CVE-2026-31716

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-31716?

A vulnerability exists in the journal replay functionality of the Linux kernel's NTFS3 filesystem code. The issue arises because the 'used' field in file records is not validated during journal processing. An attacker could exploit this by corrupting filesystem entries, causing memory mismanagement and the potential for extensive data manipulation. Implementing a check on the 'used' value ensures robust handling and prevents unexpected behaviors such as buffer overflows. Proper validation contributes significantly to the overall stability and security of the kernel during filesystem operations.

Affected Version(s)

Linux b46acd6a6a627d876898e1c84d3f84902264b445

Linux b46acd6a6a627d876898e1c84d3f84902264b445 < 4b1613d7e2deda831a97e427d1ea586e50fe1be5

Linux b46acd6a6a627d876898e1c84d3f84902264b445 < 0112e6279420d4005b3d57af36fb45c01b8d0116

Timeline

  • Vulnerability published

  • Vulnerability Reserved
