CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 15, 2026

CVE-2026-31431

High

CISA KEV

Description

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Required Action

https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/; https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 ; https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

May 1, 2026

Added to KEV

May 1, 2026

Remediation Due

May 15, 2026

Affected Product

Linux

Kernel

View all Linux CVEs

External Links

NVD (NIST)CVE Details MITRE CVE