CVE-2026-31514 - Vulnerability Details

- erofs: set fileio bio failed in short read case

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: set fileio bio failed in short read case

For file-backed mount, IO requests are handled by vfs_iocb_iter_read().
However, it can be interrupted by SIGKILL, returning the number of
bytes actually copied. Unused folios in bio are unexpectedly marked
as uptodate.

vfs_read
filemap_read
filemap_get_pages
filemap_readahead
erofs_fileio_readahead
erofs_fileio_rq_submit
vfs_iocb_iter_read
filemap_read
filemap_get_pages <= detect signal
erofs_fileio_ki_complete <= set all folios uptodate

This patch addresses this by setting short read bio with an error
directly.

Published: 2026-04-22

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability arises in the Linux kernel's erofs filesystem when a short read operation is interrupted by a SIGKILL signal. The kernel incorrectly marks unused folios in the bio structure as uptodate, effectively allowing potentially stale or uninitialized data to be returned to the caller. The bug could be leveraged by an attacker to obtain data beyond the requested read boundaries or to influence program flow based on corrupted file data, resulting in information exposure or subtle integrity violations.

Affected Systems

All Linux kernel builds that contain the erofs filesystem and do not yet incorporate the recent fix are affected. No specific kernel version was provided; the issue is present in any build where the vfs_iocb_iter_read path and erofs_fileio_readahead logic are unpatched.

Risk and Exploitability

The CVSS score and EPSS are currently unavailable, and the bug is not listed in CISA’s KEV catalog. The attack vector is likely local, requiring the ability to mount an erofs filesystem and initiate a read operation that can be interrupted. While the flaw does not provide remote code execution capabilities, its traversal into uninitialized memory may allow privileged local users to read sensitive files or corrupt internal kernel structures. System administrators should treat the risk as moderate, focusing on patch deployment and limiting exposure on untrusted hosts.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`8d582d65d20bb4796db01b19e86909ad68cb337b`	affected	< d1ba7d6b3cd1757b108d7b6856c92ae661d6c323
`e49abde0ffc382a967b24f326d1614ac3bb06a94`	affected	< 5cf3972c8221abdb1b464a14ccf8103d840b9085
`fe4039034dcdf584afbf763787909e28e92a4927`	affected	< 5a5f23ef5431639db1ac3a0b274aef3a84cc413c
`bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc`	affected	< eade54040384f54b7fb330e4b0975c5734850b3c

Linux

unaffected

Version	Status	Constraints
`6.12.75`	affected	< 6.12.80
`6.18.14`	affected	< 6.18.21
`6.19.4`	affected	< 6.19.11

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[8d582d65d20bb4796db01b19e86909ad68cb337b,d1ba7d6b3cd1757b108d7b6856c92ae661d6c323)`	affected	code_commit	—
`[e49abde0ffc382a967b24f326d1614ac3bb06a94,5cf3972c8221abdb1b464a14ccf8103d840b9085)`	affected	code_commit	—
`[fe4039034dcdf584afbf763787909e28e92a4927,5a5f23ef5431639db1ac3a0b274aef3a84cc413c)`	affected	code_commit	—
`[bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc,eade54040384f54b7fb330e4b0975c5734850b3c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.12.75,6.12.80)`	affected	semver	—
`[6.18.14,6.18.21)`	affected	semver	—
`[6.19.4,6.19.11)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the erofs short‑read fix (e.g., apply the patch referenced in the cgit commit URLs).
Restrict mounting of file‑backed erofs filesystems to trusted users and avoid exposing them to untrusted code paths.
If an immediate upgrade is not possible, isolate the affected filesystem by mounting it read‑only or temporarily disabling it while monitoring for anomalous read behavior.

Generated by OpenCVE AI on April 22, 2026 at 18:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/5a5f23ef5431639db1ac3a0b274aef3a84cc413c
https://git.kernel.org/stable/c/5cf3972c8221abdb1b464a14ccf8103d840b9085
https://git.kernel.org/stable/c/d1ba7d6b3cd1757b108d7b6856c92ae661d6c323
https://git.kernel.org/stable/c/eade54040384f54b7fb330e4b0975c5734850b3c
https://lore.kernel.org/linux-cve-announce/2026042209-CVE-2026-31514-510b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31514
https://www.cve.org/CVERecord?id=CVE-2026-31514

History

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-364
References		https://lore.kernel.org/linux-cve-announce/2026042209-CVE-2026-31514-510b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31514 https://www.cve.org/CVERecord?id=CVE-2026-31514
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 22 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200 CWE-788

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in short read case For file-backed mount, IO requests are handled by vfs_iocb_iter_read(). However, it can be interrupted by SIGKILL, returning the number of bytes actually copied. Unused folios in bio are unexpectedly marked as uptodate. vfs_read filemap_read filemap_get_pages filemap_readahead erofs_fileio_readahead erofs_fileio_rq_submit vfs_iocb_iter_read filemap_read filemap_get_pages <= detect signal erofs_fileio_ki_complete <= set all folios uptodate This patch addresses this by setting short read bio with an error directly.
Title		erofs: set fileio bio failed in short read case
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/5a5f23ef5431639db1ac3a0b274aef3a84cc413c https://git.kernel.org/stable/c/5cf3972c8221abdb1b464a14ccf8103d840b9085 https://git.kernel.org/stable/c/d1ba7d6b3cd1757b108d7b6856c92ae661d6c323 https://git.kernel.org/stable/c/eade54040384f54b7fb330e4b0975c5734850b3c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:54:31.531Z

Updated: 2026-04-22T13:54:31.531Z

Reserved: 2026-03-09T15:48:24.107Z

Link: CVE-2026-31514

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-22T14:16:50.810

Modified: 2026-04-23T16:17:41.280

Link: CVE-2026-31514

Redhat

Severity : Low

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31514 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T18:45:24Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object