CVE-2026-31514: Linux Kernel erofs Short Read Bio UPTO Flag Leak
CVE-2026-31514 Published on April 22, 2026
erofs: set fileio bio failed in short read case
In the Linux kernel, the following vulnerability has been resolved:
erofs: set fileio bio failed in short read case
For file-backed mount, IO requests are handled by vfs_iocb_iter_read().
However, it can be interrupted by SIGKILL, returning the number of
bytes actually copied. Unused folios in bio are unexpectedly marked
as uptodate.
    vfs_read
      filemap_read
        filemap_get_pages
          filemap_readahead
            erofs_fileio_readahead
              erofs_fileio_rq_submit
                vfs_iocb_iter_read
                  filemap_read
                    filemap_get_pages  <= detect signal
                erofs_fileio_ki_complete  <= set all folios uptodate
This patch addresses this by setting short read bio with an error
directly.
Affected Versions
Linux:
- Versions from 8d582d65d20bb4796db01b19e86909ad68cb337b up to, but not including, d1ba7d6b3cd1757b108d7b6856c92ae661d6c323 are affected.
- Versions from e49abde0ffc382a967b24f326d1614ac3bb06a94 up to, but not including, 5cf3972c8221abdb1b464a14ccf8103d840b9085 are affected.
- Versions from fe4039034dcdf584afbf763787909e28e92a4927 up to, but not including, 5a5f23ef5431639db1ac3a0b274aef3a84cc413c are affected.
- Versions from bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc up to, but not including, eade54040384f54b7fb330e4b0975c5734850b3c are affected.
- Versions from 6.12.75 up to, but not including, 6.12.80 are affected.
- Versions from 6.18.14 up to, but not including, 6.18.21 are affected.
- Versions from 6.19.4 up to, but not including, 6.19.11 are affected.