CVE-2026-31397

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained an issue within the mm/huge memory component, specifically in the move pages huge pmd() function. This function incorrectly handled NULL folios when processing huge zero pages, potentially leading to a bogus Physical Frame Number (PFN) being installed or a NULL dereference. The issue stemmed from using a NULL folio as a sentinel, which, when combined with SPARSEMEM VMEMMAP, resulted in a PMD pointing to non-existent memory. Additionally, the reconstruction of the destination PMD in the huge zero page branch dropped PMD state, potentially corrupting the refcount. The fix involves using page folio() to obtain the valid huge zero folio and deriving the destination entry from src pmdval after pmdp huge clear flush(), handling PMD metadata similarly to move huge pmd().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.