{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31451", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.091Z", "datePublished": "2026-04-22T13:53:46.243Z", "dateUpdated": "2026-04-22T13:53:46.243Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:53:46.243Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running while properly reporting the filesystem corruption.\n\nThe error is logged via ext4_error_inode(), the buffer head is released\nto prevent memory leak, and -EFSCORRUPTED is returned to indicate\nfilesystem corruption."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/inline.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "65c6c30ce6362c1c684568744ea510c921a756cd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "823849a26af089ffc5dfdd2ae4b9d446b46a0cda", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a7d600e04732a7d29b107c91fe3aec64cf6ce7f2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "356227096eb66e41b23caf7045e6304877322edf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/inline.c"], "versions": [{"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd"}, {"url": "https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed"}, {"url": "https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda"}, {"url": "https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2"}, {"url": "https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf"}], "title": "ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: replace BUG_ON with proper error handling in ext4_read_inline_folio\n\nReplace BUG_ON() with proper error handling when inline data size\nexceeds PAGE_SIZE. This prevents kernel panic and allows the system to\ncontinue running while properly reporting the filesystem corruption.\n\nThe error is logged via ext4_error_inode(), the buffer head is released\nto prevent memory leak, and -EFSCORRUPTED is returned to indicate\nfilesystem corruption."}], "id": "CVE-2026-31451", "lastModified": "2026-04-22T14:16:39.310", "metrics": {}, "published": "2026-04-22T14:16:39.310", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/356227096eb66e41b23caf7045e6304877322edf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65c6c30ce6362c1c684568744ea510c921a756cd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/823849a26af089ffc5dfdd2ae4b9d446b46a0cda"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a7d600e04732a7d29b107c91fe3aec64cf6ce7f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio", "id": "2460690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460690"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1284", "details": ["A flaw was found in the Linux kernel's ext4 filesystem. When processing inline data, if the data size exceeded the expected page size, it could lead to a kernel panic. This issue could be triggered by a local user with access to a specially crafted or corrupted ext4 filesystem, resulting in a system crash and a denial of service."], "name": "CVE-2026-31451", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31451\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31451\nhttps://lore.kernel.org/linux-cve-announce/2026042248-CVE-2026-31451-cec9@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,65c6c30ce6362c1c684568744ea510c921a756cd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,823849a26af089ffc5dfdd2ae4b9d446b46a0cda)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a7d600e04732a7d29b107c91fe3aec64cf6ce7f2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,356227096eb66e41b23caf7045e6304877322edf)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T19:10:16.774182+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel patch that addresses the ext4_read_inline_folio bug.", "If an immediate kernel update is not possible, obtain the backported patch from the vendor and apply it manually.", "After applying the fix, perform a full filesystem integrity check using fsck or similar tools to detect and repair any existing corruption.", "Audit application and system behavior to prevent generating inline data blocks that could exceed page size, potentially by limiting inline file sizes or disabling inline data features where appropriate."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds before the patch are impacted, across all vendors that ship the standard open-source kernel. The specific version range is not enumerated, so any kernel that has not received the upstream change remains vulnerable. The issue resides in the ext4 filesystem component and therefore affects all systems that mount ext4 filesystems with the standard kernel release. ", "description_and_impact": "In the Linux kernel, ext4_read_inline_folio previously triggered a BUG_ON when an inline data block exceeded PAGE_SIZE, causing the kernel to panic and making the system unavailable until rebooted. The patch replaces that unconditional panic with proper error handling, logging the corruption via ext4_error_inode(), releasing the buffer head to avoid a leak, and returning -EFSCORRUPTED so the filesystem can continue to operate while the corruption is reported. This change prevents an immediate system crash but still allows recovery of data integrity concerns. The vulnerability could have been leveraged to force denial of service without achieving code execution. The weakness stems from inadequate validation and error reporting in a critical filesystem routine. ", "risk_and_exploitability": "The CVSS score is not provided, and EPSS is unavailable, so exposure depth is uncertain but the lack of an active KEV listing suggests no widespread exploitation yet. An attacker would need to cause an inline data block to exceed PAGE_SIZE, which typically requires writing a very large inline file or manipulating filesystem metadata, a scenario that usually requires local privileges or compromised software. While exploitation does not grant code execution, it can still result in denial of service and filesystem corruption. Overall, the risk profile leans toward medium to high in environments where inline data growth can be unbounded, but the proprietary nature of the core vulnerability limits immediate exploitation avenues. "}}}}, "created": "2026-04-22T17:00:11.732458+00:00", "updated": "2026-04-22T19:15:24.482534+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-479", "CWE-400"]}