CVE-2026-31523
Published: April 23, 2026Last modified: April 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.168-r0) |
| 25 LTS | linux-lts | Fixed (6.12.80-r0) | |
| Stream | linux-lts | Fixed (6.12.80-r0) |
References
- https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d
- https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a
- https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324
- https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da
- https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d
- https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21
- https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3
- https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da