Linux Kernel EUVD-2026-25482

| CVE-2026-31589 CRITICAL
Use After Free (CWE-416)
2026-04-24 Linux GHSA-mg7h-q7hw-m596
Information Disclosure Linux Use After Free Memory Corruption
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Re-analysis Queued
Apr 28, 2026 - 20:53 vuln.today
cvss_changed
Analysis Generated
Apr 27, 2026 - 15:32 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
9.8 (CRITICAL)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mm: call ->free_folio() directly in folio_unmap_invalidate()

We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the mapping and the mapping can be removed, causing a use-after-free when accessing mapping->a_ops.

Follow the same pattern as __remove_mapping() and load the free_folio function pointer before dropping the lock on the mapping. That lets us make filemap_free_folio() static as this was the only caller outside filemap.c.

AnalysisAI

Use-after-free in Linux kernel memory management allows remote code execution when the folio_unmap_invalidate() function incorrectly accesses freed mapping structures. Kernel versions between 1da177e4c3f4 and patches 6.19.14/7.0.1 are affected. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all systems running Linux kernel versions between 1da177e4c3f4 and 6.19.13/7.0.0; cross-reference with systems permitting local user access. Within 7 days: Contact Linux distribution vendors for patched kernel availability and test in non-production environments; interim isolation of high-value kernel-exposed systems may be warranted. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-31669 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
CVE-2026-31649 CRITICAL
9.8 Apr 24

Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
CVE-2026-31657 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
CVE-2026-31659 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buf
CVE-2026-31668 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths

Share

EUVD-2026-25482 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy