CVE-2026-31596

Source
https://cve.org/CVERecord?id=CVE-2026-31596
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31596.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31596
Downstream
Related
Published
2026-04-24T14:42:22.003Z
Modified
2026-07-03T18:29:24.180491039Z
Summary
ocfs2: handle invalid dinode in ocfs2_group_extend
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: handle invalid dinode in ocfs2groupextend

[BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:ocfs2groupextend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308 Code: 8b8520ff ffff83f8 860f8580 030000e8 5cc3c1fe Call Trace: ... ocfs2ioctl+0x175/0x6e0 fs/ocfs2/ioctl.c:869 vfsioctl fs/ioctl.c:51 [inline] __dosysioctl fs/ioctl.c:597 [inline] __sesysioctl fs/ioctl.c:583 [inline] _x64sysioctl+0x197/0x1e0 fs/ioctl.c:583 x64syscall+0x1144/0x26a0 arch/x86/include/generated/asm/syscalls64.h:17 dosyscallx64 arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0x93/0xf80 arch/x86/entry/syscall64.c:94 entrySYSCALL64afterhwframe+0x76/0x7e ...

[CAUSE] ocfs2groupextend() assumes that the global bitmap inode block returned from ocfs2inodelock() has already been validated and BUG_ONs when the signature is not a dinode. That assumption is too strong for crafted filesystems because the JBD2-managed buffer path can bypass structural validation and return an invalid dinode to the resize ioctl.

[FIX] Validate the dinode explicitly in ocfs2groupextend(). If the global bitmap buffer does not contain a valid dinode, report filesystem corruption with ocfs2_error() and fail the resize operation instead of crashing the kernel.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31596.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
10995aa2451afa20b721cc7de856cae1a13dba57
Fixed
7eafcf507fbd68f3276c00f6c02ef155ad69f79b
Fixed
fabfa6b81bd386154d7e59f8cd8f760f9e68b48c
Fixed
b328d8e7c437d0f026ba2c13788af6eae77700f1
Fixed
6575f9fbf084502b7118a628425bf7866666498d
Fixed
911b557dd7817460881fd51a03069b539c674d0e
Fixed
e384a850a3370d89a7a446cdeccd964bfba2a302
Fixed
10fb72c47aac446f12a4ccd962c7daa60cc890a1
Fixed
41c6e9bc3a09539deab43957a3211d902a4818f0
Fixed
4a1c0ddc6e7bcf2e9db0eeaab9340dcfe97f448f

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31596.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.29
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.136
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.83
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.24
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.14
Type
ECOSYSTEM
Events
Introduced
6.20.0
Fixed
7.0.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31596.json"