CVE-2026-31523 - Vulnerability Details

- nvme-pci: ensure we're polling a polled queue

Description

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: ensure we're polling a polled queue

A user can change the polled queue count at run time. There's a brief
window during a reset where a hipri task may try to poll that queue
before the block layer has updated the queue maps, which would race with
the now interrupt driven queue and may cause double completions.

Published: 2026-04-22

Score: 7.0 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 965e2c943f065122f14282a88d70a8a92e12a4da
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ba167d5982e2eb6ff9356d409eca592ce99555da
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 0685dd9cb855ab77fcf3577b4702ba1d6df1c98d
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 6f12734c4b619f923a4df0b1a46b8098b187d324
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< acbc72dd1a09df53cafcf577259f4678be6afd6d
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b222680ba55e018426c4535067a008f1d81a5d21
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 166e31d7dbf6aa44829b98aa446bda5c9580f12a

Linux

affected

Version	Status	Constraints
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,965e2c943f065122f14282a88d70a8a92e12a4da)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ba167d5982e2eb6ff9356d409eca592ce99555da)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0685dd9cb855ab77fcf3577b4702ba1d6df1c98d)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6f12734c4b619f923a4df0b1a46b8098b187d324)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,acbc72dd1a09df53cafcf577259f4678be6afd6d)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b222680ba55e018426c4535067a008f1d81a5d21)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,166e31d7dbf6aa44829b98aa446bda5c9580f12a)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.253,5.10.*]`	unaffected	generic	—
`[5.15.203,5.15.*]`	unaffected	generic	—
`[6.1.168,6.1.*]`	unaffected	generic	—
`[6.6.131,6.6.*]`	unaffected	generic	—
`[6.12.80,6.12.*]`	unaffected	generic	—
`[6.18.21,6.18.*]`	unaffected	generic	—
`[6.19.11,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d
https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a
https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324
https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da
https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d
https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21
https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3
https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da
https://lore.kernel.org/linux-cve-announce/2026042212-CVE-2026-31523-1f48@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31523
https://www.cve.org/CVERecord?id=CVE-2026-31523

History

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-367
References		https://lore.kernel.org/linux-cve-announce/2026042212-CVE-2026-31523-1f48@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31523 https://www.cve.org/CVERecord?id=CVE-2026-31523
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions.
Title		nvme-pci: ensure we're polling a polled queue
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324 https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21 https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3 https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:54:37.568Z

Updated: 2026-04-22T13:54:37.568Z

Reserved: 2026-03-09T15:48:24.110Z

Link: CVE-2026-31523

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:52.263

Modified: 2026-04-22T14:16:52.263

Link: CVE-2026-31523

Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31523 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T20:15:20Z

Weaknesses

CWE-367

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object