Skip to main content

Linux Kernel EUVDEUVD-2026-24898

| CVE-2026-31514 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-mgg3-9x9v-hwxx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 16:22 vuln.today
CVSS changed
Apr 28, 2026 - 16:22 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 16:19 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24898
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

erofs: set fileio bio failed in short read case

For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in bio are unexpectedly marked as uptodate.

vfs_read filemap_read filemap_get_pages filemap_readahead erofs_fileio_readahead erofs_fileio_rq_submit vfs_iocb_iter_read filemap_read filemap_get_pages <= detect signal erofs_fileio_ki_complete <= set all folios uptodate

This patch addresses this by setting short read bio with an error directly.

AnalysisAI

Short read handling in EROFS file-backed mounts can mark unread file pages as uptodate when vfs_iocb_iter_read() is interrupted by signals, leading to potential data corruption or information disclosure on systems using EROFS with file-backed mounts. Affected Linux kernel versions prior to fixes in 6.18.21, 6.19.11, and 6.12.80. Local authenticated users can trigger this via signal interruption during I/O operations.

Technical ContextAI

This vulnerability exists in the EROFS (Enhanced Read-Only File System) subsystem, specifically in the file-backed mount path where I/O requests are delegated to vfs_iocb_iter_read(). EROFS fileio readahead operations call vfs_iocb_iter_read() which can be interrupted by signals (such as SIGKILL) before completing the requested read, returning only the number of bytes actually copied. The erofs_fileio_ki_complete() callback incorrectly marks all folios in the bio as uptodate despite the short read, causing pages that were never actually read to be marked as valid. This is a logic error in signal handling and bio completion within the kernel's filesystem layer, affecting the erofs subsystem's integration with the VFS (Virtual File System) readahead mechanism.

RemediationAI

Upgrade affected Linux kernels to patched versions: 6.18.21 or later, 6.19.11 or later, or 6.12.80 or later depending on deployed stable branch. For users unable to immediately patch, the mitigation is to avoid file-backed EROFS mounts in favor of block-backed EROFS mounts, or to use alternative filesystems such as ext4 or XFS. File-backed EROFS is primarily used in specific embedded or container scenarios, so most production systems can defer patching if block-backed mounts are already in use. The fix is available via standard Linux kernel update mechanisms (apt/yum/dnf depending on distribution). Commit references for cherry-picking are available at https://git.kernel.org/stable/ with the commit hashes provided in references. No workaround exists for systems that require file-backed EROFS functionality; patching is mandatory for those deployments.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy