CISA has added CVE-2026-31431 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry, listed under the vendor Linux, affects the Linux kernel and is named Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability; it allows an attacker to escalate privileges on an impacted system.
The flaw stems from an incorrect transfer of resources between security spheres within the kernel, enabling local code execution with elevated privileges. It is rated as HIGH with a CVSS v3.1 score of 7.8, and a patch is available from the vendor. The attack vector is local, requiring the attacker to have some level of access to the target system before exploiting the weakness.
Inclusion in the KEV catalogue indicates that CISA has evidence of active exploitation in the wild. No known ransomware campaign has been linked to this CVE at this time. CISA has set a remediation deadline of 15 May 2026 for federal civilian executive branch (FCEB) agencies to address the issue.
CISA’s required action is to “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” While this directive binds FCEB agencies, all organisations should review their Linux kernel deployments and apply the available patch or mitigations as soon as practicable.
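As an added example (not part of this advisory and not CISA's own tooling), the following Python reads records in the shape of CISA's KEV JSON feed and reports, for a chosen vendor/product, how many days remain until each entry's remediation due date and whether it is already overdue. The feed content is constructed inline; apart from the CVE id, name, vendor/product, required action, due date and ransomware flag quoted in this advisory, every value in the sample is a placeholder.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (not a real download).
# First record: only cveID, vendorProject/product, vulnerabilityName, requiredAction,
# dueDate and the ransomware flag come from the advisory; dateAdded is a placeholder.
# Second record: entirely a placeholder, present so an overdue case is exercised.
SAMPLE_KEV_FEED = json.dumps({"vulnerabilities": [
    {
        "cveID": "CVE-2026-31431",
        "vendorProject": "Linux",
        "product": "Linux Kernel",
        "vulnerabilityName": "Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability",
        "dateAdded": "2026-04-24",  # placeholder, not taken from the advisory
        "requiredAction": "Apply mitigations per vendor instructions, follow applicable "
                          "BOD 22-01 guidance for cloud services, or discontinue use of "
                          "the product if mitigations are unavailable.",
        "dueDate": "2026-05-15",
        "knownRansomwareCampaignUse": "Unknown",
    },
    {
        "cveID": "CVE-0000-00000",  # placeholder id, not a real CVE
        "vendorProject": "ExampleVendor",
        "product": "ExampleProduct",
        "requiredAction": "placeholder",
        "dueDate": "2026-04-01",
        "knownRansomwareCampaignUse": "Known",
    },
]})

def remediation_status(entry, today_iso):
    """Compare one KEV record's dueDate with a reference date (ISO yyyy-mm-dd)."""
    days_left = (date.fromisoformat(entry["dueDate"]) - date.fromisoformat(today_iso)).days
    return {
        "cveID": entry["cveID"],
        "dueDate": entry["dueDate"],
        "days_left": days_left,            # negative once the due date has passed
        "overdue": days_left < 0,
        "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
    }

def triage_kev_feed(feed_json, today_iso, products=None):
    """Statuses for all records, or only the given (vendor, product) pairs, most urgent first."""
    wanted = {(v.lower(), p.lower()) for v, p in products} if products else None
    statuses = [remediation_status(e, today_iso)
                for e in json.loads(feed_json)["vulnerabilities"]
                if wanted is None
                or (e["vendorProject"].lower(), e["product"].lower()) in wanted]
    return sorted(statuses, key=lambda s: s["days_left"])
```

Pointing the same functions at the live feed only requires downloading the catalogue JSON and passing its text as `feed_json`; the `products` filter accepts the vendor and product strings as they appear in the catalogue, matched case-insensitively.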
For full technical details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-31431 and the CISA KEV catalogue.