CVE-2026-31589
EUVD-2026-2548224.04.2026, 15:16
In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or hold a lock on) the mapping. Otherwise, we've already removed the folio from the mapping so it no longer pins the mapping and the mapping can be removed, causing a use-after-free when accessing mapping->a_ops. Follow the same pattern as __remove_mapping() and load the free_folio function pointer before dropping the lock on the mapping. That lets us make filemap_free_folio() static as this was the only caller outside filemap.c.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 6.14 ≤ 𝑥 < 6.19.14 |
| linux | linux_kernel | 7.0 ≤ 𝑥 < 7.0.1 |
𝑥
= Vulnerable software versions
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| bpftool6.18 |
| ||
| bpftool6.18-debuginfo |
| ||
| kernel-livepatch-6.18.30-61.116 |
| ||
| kernel6.18 |
| ||
| kernel6.18-debuginfo |
| ||
| kernel6.18-debuginfo-common-aarch64 |
| ||
| kernel6.18-debuginfo-common-x86_64 |
| ||
| kernel6.18-devel |
| ||
| kernel6.18-headers |
| ||
| kernel6.18-modules-extra |
| ||
| kernel6.18-modules-extra-common |
| ||
| kernel6.18-tools |
| ||
| kernel6.18-tools-debuginfo |
| ||
| kernel6.18-tools-devel |
| ||
| perf6.18 |
| ||
| perf6.18-debuginfo |
| ||
| python3-perf6.18 |
| ||
| python3-perf6.18-debuginfo |
|
Common Weakness Enumeration
Vulnerability Media Exposure