Description
In the Linux kernel, the following vulnerability has been resolved:

x86/platform/uv: Handle deconfigured sockets

When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes
a panic while allocating UV hub info structures.

Fix this by using NUMA_NO_NODE, allowing UV hub info structures to be
allocated on valid nodes.
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in the Linux kernel’s x86 platform UV driver causes a panic when a socket is deconfigured, because the socket is mapped to the special value SOCK_EMPTY (0xffff). During allocation of UV hub information structures this mapping leads to an invalid reference, triggering a kernel crash. The result is a system‑wide denial of service, as the kernel stops responding after the panic. The weakness matches CWE‑386, typically indicating an issue with incorrect handling of values leading to errors such as panics.

Affected Systems

Systems running a Linux kernel that includes the x86/UV platform code are affected. No specific kernel release numbers are listed; any kernel build that implements the vulnerable UV driver before the fix is potentially impacted. Operators should verify whether their current kernel version contains the fix from the listed kernel commit references.

Risk and Exploitability

With a CVSS score of 5.5 the vulnerability presents a moderate risk. The EPSS score is below 1 % and the issue is not listed in CISA’s KEV catalog, so the likelihood of exploitation is low. Likely attack vectors would require local access or the ability to force a deconfiguration of a UV socket, though the exact method is not detailed in the advisory. The impact remains availability‑only, causing a crash rather than data compromise.

Generated by OpenCVE AI on April 28, 2026 at 23:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to a Linux kernel version that incorporates the fix for the UV socket deconfiguration bug.
  • If a packaged kernel update is not yet available from your distribution, extract and apply the backported patch from the kernel repository to your build.
  • While awaiting an official update, monitor for kernel panic logs related to UV sockets and consider disabling or limiting the use of UV sockets until the patch is applied.



Advisories
Source | ID | Title
Debian DSA | DSA-6238-1 | linux security update
History

Tue, 28 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-386
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a panic while allocating UV hub info structures. Fix this by using NUMA_NO_NODE, allowing UV hub info structures to be allocated on valid nodes.
Title x86/platform/uv: Handle deconfigured sockets
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:47.496Z

Reserved: 2026-03-09T15:48:24.114Z

Link: CVE-2026-31542

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-24T15:16:28.237

Modified: 2026-04-28T18:48:31.783

Link: CVE-2026-31542

Redhat

Severity: Moderate

Public Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31542 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T00:00:13Z

Weaknesses