HOMEVULNERABILITIESCVE-2026-31541
HIGH

CVE-2026-31541

Published: April 24, 2026· Updated: Apr 28, 2026

7.8
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix trace_marker copy link list updates

When the "copy_trace_marker" option is enabled for an instance, anything

written into /sys/kernel/tracing/trace_marker is also copied into that

instances buffer. When the option is set, that instance's trace_array

descriptor is added to the marker_copies link list. This list is protected

by RCU, as all iterations uses an RCU protected list traversal.

When the instance is deleted, all the flags that were enabled are cleared.

This also clears the copy_trace_marker flag and removes the trace_array

descriptor from the list.

The issue is after the flags are called, a direct call to

update_marker_trace() is performed to clear the flag. This function

returns true if the state of the flag changed and false otherwise. If it

returns true here, synchronize_rcu() is called to make sure all readers

see that its removed from the list.

But since the flag was already cleared, the state does not change and the

synchronization is never called, leaving a possible UAF bug.

Move the clearing of all flags below the updating of the copy_trace_marker

option which then makes sure the synchronization is performed.

Also use the flag for checking the state in update_marker_trace() instead

of looking at if the list is empty.

NVD Source

Technical Analysis

CVE-2026-31541 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-31541
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedApr 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31541 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.