Description
In the Linux kernel, the following vulnerability has been resolved:

futex: Require sys_futex_requeue() to have identical flags

Nicholas reported that his LLM found it was possible to create a UaF
when sys_futex_requeue() is used with different flags. The initial
motivation for allowing different flags was the variable sized futex,
but since that hasn't been merged (yet), simply mandate the flags are
identical, as is the case for the old style sys_futex() requeue
operations.
Published: 2026-04-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑After‑Free in the Linux kernel
Action: Patch Now
AI Analysis

Impact

Calling sys_futex_requeue() with mismatched flags in the Linux kernel can trigger a use‑after‑free error, corrupting kernel memory and potentially allowing an attacker to gain arbitrary code execution or escalated privileges. The defect is characterized by CWE‑416.

Affected Systems

The vulnerability affects all Linux kernel releases that include the buggy sys_futex_requeue implementation, specifically kernel 6.7 and all 7.0 release candidate stages (rc1 through rc7).

Risk and Exploitability

The CVSS score of 7.8 indicates a moderately high severity level, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. Because the vulnerability is not listed in CISA KEV, no widespread exploitation has been observed. The attack vector is likely local: an attacker must invoke sys_futex_requeue() with non‑identical flags, a condition that can be abused to corrupt kernel memory and potentially achieve privilege escalation or denial of service. Applying the patch that enforces identical flags eliminates this risk.

Generated by OpenCVE AI on April 28, 2026 at 14:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that enforces identical flags for sys_futex_requeue() (e.g., the latest stable release from the upstream repository).
  • Audit and modify any system code that calls sys_futex_requeue() to ensure that all flag arguments are identical, preventing the use‑after‑free condition.
  • Verify that any system services or libraries interacting with futex use matching flags and adjust them to comply after patching.

Generated by OpenCVE AI on April 28, 2026 at 14:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Mon, 27 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeue() to have identical flags Nicholas reported that his LLM found it was possible to create a UaF when sys_futex_requeue() is used with different flags. The initial motivation for allowing different flags was the variable sized futex, but since that hasn't been merged (yet), simply mandate the flags are identical, as is the case for the old style sys_futex() requeue operations.
Title futex: Require sys_futex_requeue() to have identical flags
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:11:01.744Z

Reserved: 2026-03-09T15:48:24.115Z

Link: CVE-2026-31554

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:29.730

Modified: 2026-04-27T20:14:55.107

Link: CVE-2026-31554

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31554 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:30:33Z

Weaknesses