CVE Catalog

CVE-2026-31589

Critical
Published: Translated: NVD NIST

Summary

A vulnerability in the Linux kernel has been resolved by directly calling the ->free_folio() function in folio_unmap_invalidate(). The issue was that calling filemap_free_folio() without properly locking the mapping could lead to a use-after-free error.

Risk Assessment

Organizations may be exposed to serious security issues, including the potential for unauthorized memory access, which could lead to system crashes or data leaks.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the mapping and the mapping can be removed, causing a use-after-free when accessing mapping->a_ops. Follow the same pattern as __remove_mapping() and load the free_folio function pointer before dropping the lock on the mapping. That lets us make filemap_free_folio() static as this was the only caller outside filemap.c.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS