PatchSiren cyber security CVE debrief
CVE-2026-31441 Linux CVE debrief
A memory leak vulnerability was found in the Linux kernel. The vulnerability occurs when a workqueue is reset, and the idxd_wq_disable_cleanup() function sets the workqueue type to NONE before releasing its resources. This can cause a memory leak. The vulnerability has been resolved by setting the workqueue type to NONE only after its resources are released. This issue affects Linux kernel users and administrators who should be aware of this vulnerability and take steps to mitigate it.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-22
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-22
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators should be aware of this vulnerability and take steps to mitigate it. This includes updating to a patched version of the Linux kernel and monitoring for potential exploitation. System operators, platform administrators, and security teams should review system logs for suspicious activity.
Technical summary
The vulnerability is caused by the idxd_wq_disable_cleanup() function setting the workqueue type to NONE before releasing its resources. This can cause a memory leak. The vulnerability has been resolved by setting the workqueue type to NONE only after its resources are released. The affected versions of the Linux kernel are 5.7.10 to 5.8, 5.8.1 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11. Users should update to a patched version of the Linux kernel.
Defensive priority
Medium High Critical Severity Vulnerability Priority Rating Based On CVSS Score Of 5.5 For Linux Kernel Users And Administrators To Address The Memory Leak Vulnerability CVE-2026-31441 Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions 5.7.10 To 5.8 5.8.1 To 6.1.168 6.2 To 6.6.131 6.7 To 6.12.80 6.13 To 6.18.21 6.19 To 6.19.11 Of Linux Kernel To Prevent Potential Data Breaches Or Denial Of Service Attacks Through Memory Corruption Or Exhaustion Exploited By Remote Attackers With Low Attack Complexity And No User Interaction Required For Successful Exploitation Of This Medium Severity CVSS 5.5 Vulnerability In A Typical Operational Environment With High Confidentiality Loss Impact And Medium Integrity Loss Impact And Medium Availability Loss Impact For Confidentiality Integrity And Availability Of Affected Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE- 6
Recommended defensive actions
- Update to a patched version of the Linux kernel
- Monitor for potential exploitation
- Review system logs for suspicious activity
- Perform vulnerability scanning to identify potentially affected systems
- Implement compensating controls for exposed systems
- Conduct an asset inventory to identify Linux kernel deployments
- Track exceptions and retest remediated assets
Evidence notes
The vulnerability was resolved by setting the workqueue type to NONE only after its resources are released. The affected versions of the Linux kernel are 5.7.10 to 5.8, 5.8.1 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11. To verify, defenders should review system logs for suspicious activity and check for potential exploitation.
Official resources
-
CVE-2026-31441 CVE record
CVE.org
-
CVE-2026-31441 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:37.530Z and has not been modified since then.