PatchSiren cyber security CVE debrief
CVE-2026-31574 Linux CVE debrief
A vulnerability in the Linux kernel's clock events subsystem can stall a system through timer interrupt starvation. The `next_event_forced` flag is not reset in three code paths: on a clock event state change, so the flag can stay stale across a shutdown/startup sequence; when a non-forced event is armed, so the device is not rearmed and interrupts are missed if the event lies far in the future; and in the suspend wakeup handler. The issue is reported against Linux kernel 7.0 and is fixed by adding the missing flag resets. The CVSS 3.1 score of 5.5 (MEDIUM) reflects a local attack vector with low attack complexity and low privileges required, no confidentiality or integrity impact, and high availability impact. No exploitation in the wild has been reported, and the CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-24
- Original CVE updated: 2026-05-19
- Advisory published: 2026-04-24
- Advisory updated: 2026-05-19
Who should care
System administrators and security teams managing Linux kernel 7.0 deployments, particularly those running workloads sensitive to timer latency, or systems showing unexplained stalls around suspend/resume.
Technical summary
The Linux kernel's clock events subsystem contains a logic error: the `next_event_forced` flag is not reset in three code paths (clock event state transitions, non-forced event arming, and the suspend wakeup handler). A stale flag then prevents the clock event device from being rearmed, so timer interrupts are missed and the system stalls. The vulnerability is local-only, with no confidentiality or integrity impact, but it causes denial of service through loss of availability.
Defensive priority
medium
Recommended defensive actions
- Apply the two kernel.org patches listed under Official resources, or a stable kernel release that carries them; until your distribution ships a patched kernel, track its advisory for this CVE
- Monitor kernel logs for soft lockups, RCU stalls and hung-task reports, and confirm that per-CPU local timer interrupt counts keep advancing (`/proc/interrupts`), especially after suspend/resume cycles
- Inventory systems running Linux kernel 7.0 (`uname -r`) to establish exposure, prioritising hosts that suspend and resume or that run timer-latency-sensitive workloads
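The script below implements the two monitoring checks above. It is an added example for this debrief, not code from the advisory or from the kernel: it parses two `/proc/interrupts` samples to find CPUs whose local timer interrupt counter stopped advancing, and scans kernel log lines for lockup and stall reports that follow a resume. It assumes the x86 `LOC` row of `/proc/interrupts` (the row label is a parameter because other architectures name the tick source differently, e.g. `arch_timer` on arm64), the standard printk formats for `PM: suspend exit`, soft lockup, RCU stall and hung-task messages, and a line-based window after the resume marker. The `--live` switch and all sample data are the script's own, and the samples are constructed, not captured from an affected system.

```python
#!/usr/bin/env python3
"""Detect the symptoms described in the advisory: a CPU whose local timer
interrupts stop arriving, and stall reports in the kernel log after resume.

Added example, not code from the advisory or the Linux kernel. Assumes the
x86 "LOC" row of /proc/interrupts and standard printk message formats.
"""
import re
import sys
import time
from typing import Dict, List

# --- 1. Per-CPU timer interrupt starvation from two /proc/interrupts samples ---

def parse_interrupt_row(text: str, row_label: str = "LOC") -> Dict[str, int]:
    """Return {"CPU0": count, ...} for one IRQ row of a /proc/interrupts dump."""
    lines = text.strip().splitlines()
    cpus = lines[0].split()                       # header line: CPU0 CPU1 ...
    for line in lines[1:]:
        fields = line.split()
        if fields and fields[0].rstrip(":") == row_label:
            return {cpu: int(n) for cpu, n in zip(cpus, fields[1:1 + len(cpus)])}
    raise ValueError(f"row {row_label!r} not present in /proc/interrupts")

def starved_cpus(before: Dict[str, int], after: Dict[str, int]) -> List[str]:
    """CPUs whose timer interrupt counter did not advance between the samples.

    Caveat: an idle CPU under NO_HZ_IDLE legitimately stops ticking, so sample
    while the CPUs are busy before treating a flat counter as starvation.
    """
    return [cpu for cpu, n in before.items() if after.get(cpu, n) <= n]

def read_interrupt_row(path: str = "/proc/interrupts", row_label: str = "LOC"):
    with open(path) as f:
        return parse_interrupt_row(f.read(), row_label)

# --- 2. Stall reports that follow a resume in the kernel log ---

RESUME_MARK = re.compile(r"PM: suspend exit")
STALL_PATTERNS = [
    re.compile(r"BUG: soft lockup - CPU#\d+ stuck for \d+s"),
    re.compile(r"rcu: INFO: rcu_\w+ (?:self-)?detected stalls?"),
    re.compile(r"INFO: task .+ blocked for more than \d+ seconds"),
]

def stalls_after_resume(lines: List[str], window: int = 50) -> List[str]:
    """Return stall/lockup lines seen within `window` lines after a resume marker.
    The window is line-based because dmesg timestamps are not always present."""
    hits, since_resume = [], None
    for line in lines:
        if RESUME_MARK.search(line):
            since_resume = 0
            continue
        if since_resume is None:
            continue
        since_resume += 1
        if since_resume > window:
            since_resume = None
        elif any(p.search(line) for p in STALL_PATTERNS):
            hits.append(line)
    return hits

# --- Constructed samples (assumption: laid out like real x86 output) ---

SAMPLE_BEFORE = """\
           CPU0       CPU1       CPU2       CPU3
  0:         42          0          0          0   IO-APIC   2-edge      timer
LOC:    1000100    1000200    1000300    1000400   Local timer interrupts
RES:       5000       4800       4900       5100   Rescheduling interrupts
"""
SAMPLE_AFTER = """\
           CPU0       CPU1       CPU2       CPU3
  0:         42          0          0          0   IO-APIC   2-edge      timer
LOC:    1001100    1001200    1000300    1001400   Local timer interrupts
RES:       5200       5000       4900       5300   Rescheduling interrupts
"""
SAMPLE_DMESG = [
    "[ 3021.001234] PM: suspend entry (deep)",
    "[ 3021.120456] PM: suspend exit",
    "[ 3045.330001] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:",
    "[ 3045.331002] rcu: \t2-...!: (0 ticks this GP) idle=1a2/1/0x4000000000000000",
    "[ 3067.900003] BUG: soft lockup - CPU#2 stuck for 22s! [kworker/2:1:77]",
]

if __name__ == "__main__":
    if "--live" in sys.argv:                      # sample the running system
        first = read_interrupt_row()
        time.sleep(2)
        print("starved:", starved_cpus(first, read_interrupt_row()))
    else:                                         # run on the constructed samples
        print("starved:", starved_cpus(parse_interrupt_row(SAMPLE_BEFORE),
                                        parse_interrupt_row(SAMPLE_AFTER)))
        for hit in stalls_after_resume(SAMPLE_DMESG):
            print("post-resume stall:", hit)
```

On the constructed samples the script reports CPU2 as starved (its `LOC` count is unchanged between samples while the others advance) and flags the RCU stall and soft lockup lines that follow the resume. Feed real data with `journalctl -k` piped into `stalls_after_resume` and run `--live` during load; both checks observe the symptom the advisory describes (missed timer interrupts), not the presence of the flag bug itself, so a clean result does not prove the kernel is patched.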
Evidence notes
Vulnerability description and patch references sourced from NVD. Affected product identified as Linux kernel 7.0 via CPE criteria. CVSS vector confirms local attack vector with availability impact. Two kernel.org patches provided as mitigation references.
Official resources
- CVE-2026-31574 CVE record (CVE.org)
- CVE-2026-31574 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
2026-04-24