CVE-2026-31400

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's sunrpc component related to a cache request leak within the cache release function. When a reader's file descriptor is closed during a cache request read operation, the request's reader count is decremented, but the request is not always freed. This can lead to a memory leak if the request is not properly cleaned up, particularly when the CACHE PENDING flag is clear. The issue arises because the cleanup logic present in cache read() is missing from cache release().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-772

Related Identifiers

BDU:2026-05764

CVE-2026-31400

ECHO-8C3A-FDC5-712D

OESA-2026-2075

OESA-2026-2077

Affected Products

Linux Kernel

CVE-2026-31400

Weakness Enumeration

Related Identifiers

Affected Products

References · 36