{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31529", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.111Z", "datePublished": "2026-04-22T13:54:41.853Z", "dateUpdated": "2026-05-11T22:10:33.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:10:33.610Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cxl/core/region.c"], "versions": [{"version": "d6602e25819dea2c239972e98e09ba5db4aebd22", "lessThan": "f1b4741adf08b0063291ec1b0dfa9c3d55644933", "status": "affected", "versionType": "git"}, {"version": "d6602e25819dea2c239972e98e09ba5db4aebd22", "lessThan": "77b310bb7b5ff8c017524df83292e0242ba89791", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cxl/core/region.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933"}, {"url": "https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791"}], "title": "cxl/region: Fix leakage in __construct_region()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Fix leakage in __construct_region()\n\nFailing the first sysfs_update_group() needs to explicitly\nkfree the resource as it is too early for cxl_region_iomem_release()\nto do so."}], "id": "CVE-2026-31529", "lastModified": "2026-04-28T17:57:24.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:53.183", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77b310bb7b5ff8c017524df83292e0242ba89791"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1b4741adf08b0063291ec1b0dfa9c3d55644933"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cxl/region: Fix leakage in __construct_region()", "id": "2460716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460716"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's `cxl/region` component. This vulnerability involves a resource leakage within the `__construct_region()` function. When `sysfs_update_group()` fails, the resource is not explicitly freed, leading to a memory leak. This could potentially allow a local attacker to cause a Denial of Service (DoS) by exhausting system resources."], "name": "CVE-2026-31529", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31529\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31529\nhttps://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31529-f32e@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d6602e25819dea2c239972e98e09ba5db4aebd22,f1b4741adf08b0063291ec1b0dfa9c3d55644933)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d6602e25819dea2c239972e98e09ba5db4aebd22,77b310bb7b5ff8c017524df83292e0242ba89791)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T23:55:29.471144+00:00", "value": {"mitigation_remediation": ["Upgrade your Linux distribution or kernel to a release that applies commit 77b310bb7b5ff8c017524df83292e0242ba89791, which resolves the leak.", "If you maintain a custom kernel, merge commit 77b310bb7b5ff8c017524df83292e0242ba89791 into your source tree and rebuild the kernel.", "If the patch cannot be applied immediately and the device is not required, disable or remove the CXL subsystem modules to eliminate the vulnerable code path until an official fix is available."], "summary": {"action": "Apply Patch", "impact": "Memory Leak leading to Potential Denial of Service"}, "threat_synthesis": {"affected_systems": "All installations of the Linux kernel that include the cxl module are potentially affected, as the issue is logged in the core kernel source and applies to any kernel build before the inclusion of the fix commit. Specific distribution or version information is not provided, so any kernel release before the fix should be considered vulnerable.", "description_and_impact": "The vulnerability resides in the Linux kernel\u2019s CXL region handling code, where a failure on the first sysfs_update_group() call prevents the associated resource from being freed. This results in a memory resource leak that can accumulate over time and exhaust system memory, thereby disrupting normal operation of the kernel or other applications. The weakness is a classic memory leak (CWE-401) and a failure to release a resource after its effective lifetime (CWE-772).", "risk_and_exploitability": "With a CVSS score of 5.5, the severity is moderate; repeated or forced failures of sysfs_update_group() could lead to memory exhaustion and subsequent denial of service. The EPSS score of 0.00024 (<1%) and the fact that it is not listed in CISA\u2019s KEV catalog indicate that the vulnerability has not been widely exploited in public attacks. The most likely attack vector involves an attacker who can trigger the failure condition on a system with active CXL devices or from a privileged context where sysfs updates can misbehave."}}}}, "created": "2026-04-22T19:00:07.808639+00:00", "updated": "2026-04-29T00:00:13.839224+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}