CVE-2026-31526

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the process bpf exit full() function where check lock is set to !curframe when calling check resource leak(). In cases where bpf throw() is called from a static subprog, this value becomes false, causing the system to skip the validation of active rcu locks, active preempt locks, and active irq id during exception exits from subprogs. Consequently, bpf throw() unwinds the stack via ORC without releasing user-acquired locks, which can lead to various system issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.