Zero Day MonitorZDM

← Back to list

—

CVE-2026-31397EXPLOITEDPATCHED

linux · linux kernel

mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()

Description

A vulnerability was found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. It has been classified as critical. Impacted is the function move_pages_huge_pmd. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-31397. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

Affected Products

Vendor	Product	Versions
linux	linux kernel	e3981db444a0a18d350d9f92e3f2e8d489b54211, e3981db444a0a18d350d9f92e3f2e8d489b54211, e3981db444a0a18d350d9f92e3f2e8d489b54211, 6.16, 6.18.19, 6.19.9, 7.0-rc4

References

Related News (2 articles)

Tier C

VulDB5h ago

CVE-2026-31397 | Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 move_pages_huge_pmd null pointer dereference

→ No new info (linked only)

Tier C

Linux Kernel CVEs5h ago

CVE-2026-31397: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

f3caaee0f9e489fd2282d4ce45791dc8aed2da62e3133d0986dc5a231d5419167dbac65312b28b41fae654083bfa409bb2244f390232e2be47f05bfc06.18.206.19.107.0-rc5

PublishedApr 3, 2026

Last enriched4h agov2

Trending Score60

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-31393EXP

Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access

CRITICALCVE-2026-23463EXP

soc: fsl: qbman: fix race condition in qman_destroy_fq

CRITICALCVE-2026-23472EXP

serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN

CRITICALCVE-2026-23438EXP

net: mvpp2: guard flow control update with global_tx_fc in buffer switching

CRITICALCVE-2026-23449EXP

net/sched: teql: Fix double-free in teql_master_xmit

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Actively Exploited

Apr 3, 2026

Patch Available

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 3, 2026

Version History

v2

Last enriched 4h ago

v2Tier C4h ago

Updated description with critical severity, added affected versions 6.18.19, 6.19.9, 7.0-rc4, and noted no exploit available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v15h ago

Initial creation