PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31447 Linux CVE debrief

A vulnerability was found in the Linux kernel, specifically in the ext4 filesystem. The CVE record was published on 2026-04-22T14:16:38.577Z and has not been modified since then. The NVD entry is currently Modified. The vulnerability has a high CVSS score of 7.8 and is classified as HIGH severity. The issue arises from bigalloc with s_first_data_block != 0, which is not supported. Users of Linux kernel versions 3.2 to 7.0 (rc5) should be aware of this vulnerability.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-22
Original CVE updated
2026-07-14
Advisory published
2026-04-22
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 3.2 to 7.0 (rc5) should be aware of this vulnerability. Specifically, versions 3.2 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11 are affected. Operators, platform administrators, vulnerability management teams, and security teams should prioritize patching.

Technical summary

The Linux kernel has a vulnerability in the ext4 filesystem that has been resolved. The issue is related to bigalloc with s_first_data_block != 0, which is not supported and causes the mount to be rejected. The CVSS score is 7.8 and the severity is HIGH. Affected Linux kernel versions include 3.2 to 5.10.253, 5.11 to 5.15.203, 5.16 to 6.1.168, 6.2 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, and 6.19 to 6.19.11. Users should apply patches from Linux kernel stable branches.

Defensive priority

High priority should be given to patching Linux kernel versions 3.2 to 7.0 (rc5) as the vulnerability has a high CVSS score of 7.8.

Recommended defensive actions

  • Inventory and assess Linux kernel versions in use
  • Apply patches from Linux kernel stable branches
  • Monitor Linux kernel for any new patches or updates
  • Consider compensating controls for affected systems
  • Review and verify affected scope and severity with Linux kernel maintainers
  • Track exceptions and retest remediated assets
  • Check relevant monitoring, detection, and logs for exposed assets

Evidence notes

The CVE record was published on 2026-04-22T14:16:38.577Z and has not been modified since then. The NVD entry is currently Modified. The vulnerability affects Linux kernel versions 3.2 to 7.0 (rc5). Evidence is limited to public sources and may not be comprehensive. Defenders should verify affected scope and severity with Linux kernel maintainers and consider compensating controls.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:38.577Z and has not been modified since then. The NVD entry is currently Modified.