Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback must still drain the deferred list if kthread creation never succeeds. Otherwise, boot-deferred nodes can accumulate on trigger_data_free_list, later frees fall back to synchronously freeing only the current object, and the older queued entries are leaked forever. To trigger this, add the following to the kernel command line: trace_event=sched_switch trace_trigger=sched_switch.traceon,sched_switch.traceon The second traceon trigger will fail and be freed. This triggers a NULL pointer dereference and crashes the kernel. Keep the deferred boot-time behavior, but when kthread creation fails, drain the whole queued list synchronously. Do the same in the late-init drain path so queued entries are not stranded there either.

INFO

Published Date :

2026-04-22T13:54:08.236Z

Last Modified :

2026-04-22T13:54:08.236Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31481 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31481.

URL Resource
https://git.kernel.org/stable/c/250ab25391edeeab8462b68be42e4904506c409c cve-icon cve-icon
https://git.kernel.org/stable/c/771624b7884a83bb9f922ae64ee41a5f8b7576c9 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042258-CVE-2026-31481-390e@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31481 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31481 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System