What is the CVSS score of CVE-2026-31389?

CVE-2026-31389 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-31389?

Yes, a patch is available for CVE-2026-31389. Update the affected software to the latest version immediately.

Linux CVE-2026-31389

EUVD-2026-18761 HIGH

Use After Free (CWE-416)

2026-04-03 Linux

Information Disclosure Linux Use After Free Memory Corruption

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

CVSS changed

Apr 27, 2026 - 14:22 NVD

7.8 (HIGH)

Patch available

Apr 16, 2026 - 05:29 EUVD

8634e05b08ead636e926022f4a98416e13440df9,80f3e8cd2b4ad355b2ad2024cf423f6d183404f7,23b51bad2eb8787aa74324cfccefb258515ae5ba

EUVD ID Assigned

Apr 03, 2026 - 15:30 euvd

EUVD-2026-18761

Analysis Generated

Apr 03, 2026 - 15:30 vuln.today

CVE Published

Apr 03, 2026 - 15:15 nvd

N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure

Make sure to deregister from driver core also in the unlikely event that per-cpu statistics allocation fails during controller registration to avoid use-after-free (of driver resources) and unclocked register accesses.

AnalysisAI

Use-after-free vulnerability in Linux kernel SPI controller registration allows local attackers to trigger unclocked register accesses and potential information disclosure when per-CPU statistics allocation fails during controller initialization. The vulnerability affects all Linux kernel versions and is fixed via proper driver core deregistration on allocation failure; no CVSS score or active exploitation data available at time of analysis.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

Vendor StatusVendor

CVE-2026-31389 vulnerability details – vuln.today

Back

Linux CVE-2026-31389

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code