HIGH

CVE-2026-31552

Published: April 24, 2026 · Updated: Apr 27, 2026

CVSS v3.1: 7.5
EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom

Since upstream commit e75665dd0968 ("wifi: wlcore: ensure skb headroom before skb_push"), wl1271_tx_allocate() and with it wl1271_prepare_tx_frame() returns -EAGAIN if pskb_expand_head() fails. However, in wlcore_tx_work_locked(), a return value of -EAGAIN from wl1271_prepare_tx_frame() is interpreted as the aggregation buffer being full. This causes the code to flush the buffer, put the skb back at the head of the queue, and immediately retry the same skb in a tight while loop.

Because wlcore_tx_work_locked() holds wl->mutex, and the retry happens immediately with GFP_ATOMIC, this will result in an infinite loop and a CPU soft lockup. Return -ENOMEM instead so the packet is dropped and the loop terminates.

The problem was found by an experimental code review agent based on gemini-3.1-pro while reviewing backports into v6.18.y.

NVD Source
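
The retry behaviour from the official description, as an added user-space C model (not the kernel's wlcore code, and not from NVD or CTIWATCH). The frame queue, buffer size, iteration cap and simplified function signatures are assumptions; only the handling of -EAGAIN versus other errors follows the description.

```c
/* User-space model, not kernel code; names and sizes are assumptions. */
#include <errno.h>
#include <stdio.h>
#define BUF_SLOTS 2      /* constructed aggregation-buffer capacity */
#define WATCHDOG  1000   /* stands in for the kernel soft-lockup detector */

struct tx_result { int iterations, sent, dropped, flushes, stuck; };

/* Model of wl1271_prepare_tx_frame(): -EAGAIN when the aggregation buffer
 * is full; headroom_err when frame `bad` cannot get headroom. */
static int prepare_tx_frame(int frame, int bad, int headroom_err, int used)
{
    if (frame == bad)
        return headroom_err;          /* pskb_expand_head() failed */
    if (used == BUF_SLOTS)
        return -EAGAIN;               /* genuine "buffer full" */
    return 0;
}

/* Model of the while loop in wlcore_tx_work_locked() over frames 0..n-1. */
struct tx_result tx_work(int n, int bad, int headroom_err)
{
    struct tx_result r = {0, 0, 0, 0, 0};
    int head = 0, used = 0;
    while (head < n) {
        if (++r.iterations > WATCHDOG) { r.stuck = 1; break; }
        int ret = prepare_tx_frame(head, bad, headroom_err, used);
        if (ret == -EAGAIN) {         /* flush, requeue at head, retry */
            used = 0;
            r.flushes++;
            continue;
        }
        if (ret < 0) {                /* other errors: drop skb, leave loop */
            r.dropped++;
            break;
        }
        r.sent++; used++; head++;     /* frame queued, move to the next skb */
    }
    return r;
}

int main(void)
{
    struct tx_result a = tx_work(5, 3, -EAGAIN), b = tx_work(5, 3, -ENOMEM);
    printf("-EAGAIN: iterations=%d sent=%d stuck=%d\n", a.iterations, a.sent, a.stuck);
    printf("-ENOMEM: iterations=%d sent=%d dropped=%d\n", b.iterations, b.sent, b.dropped);
    return 0;
}
```

A genuine buffer-full -EAGAIN clears after one flush, while a headroom failure reported with the same code never clears, so the model only stops at the iteration cap.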

Technical Analysis

CVE-2026-31552 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
  Attack Vector: Network
  Attack Complexity: Low
  Privileges Req.: None
  User Interaction: None
  Scope: Unchanged
Impact
  Confidentiality: None
  Integrity: None
  Availability: High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux (1 product): linux kernel
Source: NVD CPE · 3 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-31552
CVSS Score: 7.5 / 10
Severity: HIGH
CISA KEV: No
EPSS (30d): 0.02%
Affected: 1 vendor
Published: Apr 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31552 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.