HOMEVULNERABILITIESCVE-2026-31742
HIGH

CVE-2026-31742

Published: May 1, 2026· Updated: May 7, 2026

7.8
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:1.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

vt: discard stale unicode buffer on alt screen exit after resize

When enter_alt_screen() saves vc_uni_lines into vc_saved_uni_lines and

sets vc_uni_lines to NULL, a subsequent console resize via vc_do_resize()

skips reallocating the unicode buffer because vc_uni_lines is NULL.

However, vc_saved_uni_lines still points to the old buffer allocated for

the original dimensions.

When leave_alt_screen() later restores vc_saved_uni_lines, the buffer

dimensions no longer match vc_rows/vc_cols. Any operation that iterates

over the unicode buffer using the current dimensions (e.g. csi_J clearing

the screen) will access memory out of bounds, causing a kernel oops:

BUG: unable to handle page fault for address: 0x0000002000000020

RIP: 0010:csi_J+0x133/0x2d0

The faulting address 0x0000002000000020 is two adjacent u32 space

characters (0x20) interpreted as a pointer, read from the row data area

past the end of the 25-entry pointer array in a buffer allocated for

80x25 but accessed with 240x67 dimensions.

Fix this by checking whether the console dimensions changed while in the

alternate screen. If they did, free the stale saved buffer instead of

restoring it. The unicode screen will be lazily rebuilt via

vc_uniscr_check() when next needed.

NVD Source

Technical Analysis

CVE-2026-31742 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-31742
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.01%
Affected1 vendor
PublishedMay 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31742 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.