VulnerabilityALERT Critical

CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Impact

CISA lists CVE-2026-31431 as known exploited in the wild for Linux Kernel. Ransomware campaign use: Unknown. Federal remediation due date: 2026-05-15.

Recommended Action

"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Published: 5/1/2026, 12:00:00 AMSource: CISA Known Exploited Vulnerabilities CatalogTags: CVE-2026-31431, Linux, Kernel, CISA KEV, CWE-669