CVE-2026-31413

Published: Apr 12, 2026 Last Modified: Apr 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR

maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the
source operand is a constant. When dst has signed range [-1, 0], it
forks the verifier state: the pushed path gets dst = 0, the current
path gets dst = -1.

For BPF_AND this is correct: 0 & K == 0.
For BPF_OR this is wrong: 0 | K == K, not 0.

The pushed path therefore tracks dst as 0 when the runtime value is K,
producing an exploitable verifier/runtime divergence that allows
out-of-bounds map access.

Fix this by passing env->insn_idx (instead of env->insn_idx + 1) to
push_stack(), so the pushed path re-executes the ALU instruction with
dst = 0 and naturally computes the correct result for any opcode.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0001

Percentile

0,0th

Updated

EPSS Score Trend (Last 5 Days)

https://git.kernel.org/stable/c/342aa1ee995ef5bbf876096dc3a…

https://git.kernel.org/stable/c/342aa1ee995ef5bbf876096dc3a5e51218d76fa4

https://git.kernel.org/stable/c/58bd87d0e69204dbd739e4387a1…

https://git.kernel.org/stable/c/58bd87d0e69204dbd739e4387a1edb0c4b1644e7

https://git.kernel.org/stable/c/c845894ebd6fb43226b3118d6b0…

https://git.kernel.org/stable/c/c845894ebd6fb43226b3118d6b017942550910c5

https://git.kernel.org/stable/c/d13281ae7ea8902b21d99d10a2c…

https://git.kernel.org/stable/c/d13281ae7ea8902b21d99d10a2c8caf0bdec0455

CVE-2026-31413

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 5 Days)

Iscriviti alla newsletter