CVE-2026-31451

Source
https://cve.org/CVERecord?id=CVE-2026-31451
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31451.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31451
Downstream
Published
2026-04-22T13:53:46.243Z
Modified
2026-06-18T03:54:33.076844665Z
Summary
ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: replace BUGON with proper error handling in ext4readinlinefolio

Replace BUGON() with proper error handling when inline data size exceeds PAGESIZE. This prevents kernel panic and allows the system to continue running while properly reporting the filesystem corruption.

The error is logged via ext4errorinode(), the buffer head is released to prevent memory leak, and -EFSCORRUPTED is returned to indicate filesystem corruption.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31451.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
46c7f254543dedcf134ad05091ed2b935a9a597d
Fixed
65c6c30ce6362c1c684568744ea510c921a756cd
Fixed
d4b3f370c3d8f7ce565d4a718572c9f7c12f77ed
Fixed
823849a26af089ffc5dfdd2ae4b9d446b46a0cda
Fixed
a7d600e04732a7d29b107c91fe3aec64cf6ce7f2
Fixed
356227096eb66e41b23caf7045e6304877322edf

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31451.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
6.6.131
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31451.json"