Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: set fileio bio failed in short read case

For file-backed mounts, IO requests are handled by vfs_iocb_iter_read().
However, it can be interrupted by SIGKILL, returning the number of
bytes actually copied. Unused folios in the bio are unexpectedly marked
as uptodate.

vfs_read
  filemap_read
    filemap_get_pages
      filemap_readahead
        erofs_fileio_readahead
          erofs_fileio_rq_submit
            vfs_iocb_iter_read
              filemap_read
                filemap_get_pages        <= detect signal
          erofs_fileio_ki_complete       <= set all folios uptodate

This patch addresses this by setting a short-read bio with an error
directly.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Integrity
Action: Patch
AI Analysis

Impact

The erofs filesystem in the Linux kernel contains a flaw in the file-backed mount read path: when the underlying vfs_iocb_iter_read() is interrupted by SIGKILL, it returns a short read, but the completion handler (erofs_fileio_ki_complete) still marks every folio in the bio as up-to-date, including the folios that the short read never filled. The kernel then treats those pages as containing valid data even though they were never read from the backing file. This mislabeling can cause applications to read stale or uninitialized data, potentially leading to incorrect program behavior.

Affected Systems

All Linux kernel releases that do not include the fix commit ("erofs: set fileio bio failed in short read case") are affected. The CVE data does not list specific kernel versions, so any kernel without that commit should be treated as at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require a local user who can trigger a read on a file-backed erofs filesystem and have that read interrupted by a SIGKILL; once the issue triggers, the user may observe incorrect data returned by the kernel. No evidence of remote code execution or denial of service is present in the available information.

Generated by OpenCVE AI on April 29, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that marks a short-read fileio bio as failed, as referenced in the commit URLs.
  • Restrict the users who can mount file-backed erofs filesystems to trusted accounts, or isolate such mounts within a restricted security context.
  • If the patch is not yet available, mount the affected filesystem read-only or disable erofs support until the fix is applied.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-788

Tue, 28 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-364
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 22 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-788

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description (the text shown in the Description section above)
Title erofs: set fileio bio failed in short read case
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:16.061Z

Reserved: 2026-03-09T15:48:24.107Z

Link: CVE-2026-31514

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-22T14:16:50.810

Modified: 2026-04-28T16:19:39.717

Link: CVE-2026-31514

Redhat

Severity : Low

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31514 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T04:00:13Z

Weaknesses