Zero Day MonitorZDM

← Back to list

—

CVE-2026-31397EXPLOITEDPATCHED

linux · linux kernel

mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()

Description

A vulnerability was found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. It has been classified as critical. Impacted is the function move_pages_huge_pmd. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-31397. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

Affected Products

Vendor	Product	Versions
linux	linux kernel	e3981db444a0a18d350d9f92e3f2e8d489b54211, e3981db444a0a18d350d9f92e3f2e8d489b54211, e3981db444a0a18d350d9f92e3f2e8d489b54211, 6.16, 6.18.19, 6.19.9, 7.0-rc4

References

Related News (2 articles)

Tier C

VulDB4h ago

CVE-2026-31397 | Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 move_pages_huge_pmd null pointer dereference

→ No new info (linked only)

Tier C

Linux Kernel CVEs5h ago

CVE-2026-31397: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

f3caaee0f9e489fd2282d4ce45791dc8aed2da62e3133d0986dc5a231d5419167dbac65312b28b41fae654083bfa409bb2244f390232e2be47f05bfc06.18.206.19.107.0-rc5

PublishedApr 3, 2026

Last enriched4h agov2

Trending Score60

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-23461EXP

Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user

CRITICALCVE-2026-23475EXP

spi: fix statistics allocation

CRITICALCVE-2026-23452EXP

PM: runtime: Fix a race condition related to device removal

CRITICALCVE-2026-23443EXP

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix

CRITICALCVE-2026-23467EXP

drm/i915/dmc: Fix an unlikely NULL pointer deference at probe

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Actively Exploited

Apr 3, 2026

Patch Available

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026

Updated: description, affectedVersions, severity, activelyExploited

Apr 3, 2026

Version History

v2

Last enriched 4h ago

v2Tier C4h ago

Updated description with critical severity, added affected versions 6.18.19, 6.19.9, 7.0-rc4, and noted no exploit available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v15h ago

Initial creation