CVE-2026-31523

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions.

CVSS v3.1 Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.02%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-367 CWE-367

Affected Products

Vendor	Product	Versions
linux	linux_kernel	5.0 — 5.10.253
linux	linux_kernel	5.11 — 5.15.203
linux	linux_kernel	5.16 — 6.1.168
linux	linux_kernel	6.2 — 6.6.131
linux	linux_kernel	6.7 — 6.12.80
linux	linux_kernel	6.13 — 6.18.21
linux	linux_kernel	6.19 — 6.19.11
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324 https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21 https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3 https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da

Frequently Asked Questions

What is CVE-2026-31523? +

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions. It has a CVSS v3.1 base score of 4.7 (MEDIUM).

How severe is CVE-2026-31523? +

CVE-2026-31523 has a CVSS v3.1 score of 4.7 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-31523? +

CVE-2026-31523 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-31523? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-5958

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations …

CVE-2026-42336

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) …

CVE-2025-26620

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition …

CVE-2024-53694

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could …

CVE-2025-32784

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race …

CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at …