CVE-2026-31451
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, the ext4 filesystem replaces BUG_ON() with proper error handling in ext4_read_inline_folio. When inline data size exceeds PAGE_SIZE, instead of kernel panic, an error is logged, buffer head is released, and -EFSCORRUPTED is returned.
Risk Assessment
The vulnerability can cause kernel panic on ext4 filesystem corruption, leading to system downtime and potential data loss.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit replacing BUG_ON). Monitor system logs for ext4_error_inode() messages to detect filesystem corruption.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline data size exceeds PAGE_SIZE. This prevents kernel panic and allows the system to continue running while properly reporting the filesystem corruption. The error is logged via ext4_error_inode(), the buffer head is released to prevent memory leak, and -EFSCORRUPTED is returned to indicate filesystem corruption.

