CVE-2026-31559 - Vulnerability Details

- LoongArch: Fix missing NULL checks for kstrdup()

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix missing NULL checks for kstrdup()

1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple
calls to "of_node_put()".

2. Fix a potential kernel oops during early boot when memory allocation
fails while parsing CPU model from device tree.

Published: 2026-04-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s early boot routine contains a flaw where a string duplication function (kstrdup()) is called without verifying that the result of a memory allocation is not NULL. If a memory allocation fails while parsing the CPU model from the device tree, the kernel dereferences a NULL pointer, leading to an oops and system crash. The weakness is classified as CWE‑476: NULL pointer dereference, which results in a denial‑of‑service by crashing the kernel during boot.

Affected Systems

Affected systems include all Linux kernel releases prior to the fix, namely versions up to 6.17 and the 7.0 release candidates rc1 through rc7. Any system running an unpatched kernel and an unmodified or potentially exploitable device tree is susceptible.

Risk and Exploitability

The vulnerability has a CVSS score of 5.5 and an EPSS score of less than 1 %. It is not listed in CISA’s KEV catalog. The likely attack vector requires local access or the ability to alter the device tree, inferred from the description that the fault occurs during early boot while parsing the device tree. Given the narrow exposure window and low exploitation probability, the overall risk is moderate, but a kernel crash remains a severe outcome.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`facc69f43502c135c16b97d5ded7253f15597912`	affected	< 5e7fde2c551f86e6c3de3fd7a9b1f52806ac8db0
`70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8`	affected	< a1da957c25cf751a2dce8fb7777f82ccbac0cb3e
`70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8`	affected	< b61a309743322fb57fb9afa9aa3495ac758e4f5e
`70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8`	affected	< 3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1
`620805dc674eab3055543496a7ef25beb9ffd2a8`	affected	—
`8dfeedf9eceadc1a2fc9066b4c5230690d1cad48`	affected	—

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.17:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[facc69f43502c135c16b97d5ded7253f15597912,5e7fde2c551f86e6c3de3fd7a9b1f52806ac8db0)`	affected	code_commit	—
`[70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8,a1da957c25cf751a2dce8fb7777f82ccbac0cb3e)`	affected	code_commit	—
`[70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8,b61a309743322fb57fb9afa9aa3495ac758e4f5e)`	affected	code_commit	—
`[70a2365e18affc5ebdaab1ca6a0b3c4f3aac2ee8,3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1)`	affected	code_commit	—
`620805dc674eab3055543496a7ef25beb9ffd2a8`	affected	code_commit	—
`8dfeedf9eceadc1a2fc9066b4c5230690d1cad48`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.17`	affected	semver	—
`[0,6.17)`	unaffected	semver	—
`[6.12.80,6.13.0)`	unaffected	semver	—
`[6.18.21,6.19.0)`	unaffected	semver	—
`[6.19.11,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that contains commit 3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1, which adds NULL checks to kstrdup() during early boot.
If an immediate kernel upgrade is not feasible, manually apply the patch from the commit to your current kernel source and rebuild the kernel, ensuring the NULL check is present before rebooting.
Review custom or third‑party drivers that call kstrdup() during boot and patch or disable them until the kernel fix is applied.

Generated by OpenCVE AI on April 28, 2026 at 20:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6238-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1
https://git.kernel.org/stable/c/5e7fde2c551f86e6c3de3fd7a9b1f52806ac8db0
https://git.kernel.org/stable/c/a1da957c25cf751a2dce8fb7777f82ccbac0cb3e
https://git.kernel.org/stable/c/b61a309743322fb57fb9afa9aa3495ac758e4f5e
https://lore.kernel.org/linux-cve-announce/2026042458-CVE-2026-31559-01e9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31559
https://www.cve.org/CVERecord?id=CVE-2026-31559

History

Mon, 27 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:6.17:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
References		https://lore.kernel.org/linux-cve-announce/2026042458-CVE-2026-31559-01e9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31559 https://www.cve.org/CVERecord?id=CVE-2026-31559

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put()". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU model from device tree.
Title		LoongArch: Fix missing NULL checks for kstrdup()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3a28daa9b7d7c2ddf2c722e9e95d7e0928bf0cd1 https://git.kernel.org/stable/c/5e7fde2c551f86e6c3de3fd7a9b1f52806ac8db0 https://git.kernel.org/stable/c/a1da957c25cf751a2dce8fb7777f82ccbac0cb3e https://git.kernel.org/stable/c/b61a309743322fb57fb9afa9aa3495ac758e4f5e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:35:41.961Z

Updated: 2026-05-11T22:11:07.676Z

Reserved: 2026-03-09T15:48:24.116Z

Link: CVE-2026-31559

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-24T15:16:30.300

Modified: 2026-04-27T20:13:21.960

Link: CVE-2026-31559

Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31559 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object