PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31441 Linux CVE debrief

A memory leak vulnerability was found in the Linux kernel. The vulnerability occurs when a workqueue is reset, and the idxd_wq_disable_cleanup() function sets the workqueue type to NONE before releasing its resources. This can cause a memory leak. The vulnerability has been resolved by setting the workqueue type to NONE only after its resources are released. This issue affects Linux kernel users and administrators who should be aware of this vulnerability and take steps to mitigate it.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-22
Original CVE updated
2026-07-14
Advisory published
2026-04-22
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators should be aware of this vulnerability and take steps to mitigate it. This includes updating to a patched version of the Linux kernel and monitoring for potential exploitation. System operators, platform administrators, and security teams should review system logs for suspicious activity.

Technical summary

The vulnerability is caused by the idxd_wq_disable_cleanup() function setting the workqueue type to NONE before releasing its resources. This can cause a memory leak. The vulnerability has been resolved by setting the workqueue type to NONE only after its resources are released. The affected versions of the Linux kernel are 5.7.10 to 5.8, 5.8.1 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11. Users should update to a patched version of the Linux kernel.

Defensive priority

Medium High Critical Severity Vulnerability Priority Rating Based On CVSS Score Of 5.5 For Linux Kernel Users And Administrators To Address The Memory Leak Vulnerability CVE-2026-31441 Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions 5.7.10 To 5.8 5.8.1 To 6.1.168 6.2 To 6.6.131 6.7 To 6.12.80 6.13 To 6.18.21 6.19 To 6.19.11 Of Linux Kernel To Prevent Potential Data Breaches Or Denial Of Service Attacks Through Memory Corruption Or Exhaustion Exploited By Remote Attackers With Low Attack Complexity And No User Interaction Required For Successful Exploitation Of This Medium Severity CVSS 5.5 Vulnerability In A Typical Operational Environment With High Confidentiality Loss Impact And Medium Integrity Loss Impact And Medium Availability Loss Impact For Confidentiality Integrity And Availability Of Affected Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE Immediately If Exploited In The Wild Or Publicly Accessible Exploits Exist For Affected Versions Of Linux Kernel Deployments And Assets Managed By Linux Kernel Users And Administrators To Address This CVE- 6

Recommended defensive actions

  • Update to a patched version of the Linux kernel
  • Monitor for potential exploitation
  • Review system logs for suspicious activity
  • Perform vulnerability scanning to identify potentially affected systems
  • Implement compensating controls for exposed systems
  • Conduct an asset inventory to identify Linux kernel deployments
  • Track exceptions and retest remediated assets

Evidence notes

The vulnerability was resolved by setting the workqueue type to NONE only after its resources are released. The affected versions of the Linux kernel are 5.7.10 to 5.8, 5.8.1 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11. To verify, defenders should review system logs for suspicious activity and check for potential exploitation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:37.530Z and has not been modified since then.