CVE-2026-31521
Description
In the Linux kernel, the following vulnerability has been resolved:
module: Fix kernel panic when a symbol st_shndx is out of bounds
The module loader doesn't check for bounds of the ELF section index in simplify_symbols():
for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) { const char *name = info->strtab + sym[i].st_name;
switch (sym[i].st_shndx) { case SHN_COMMON:
[...]
default: /* Divert to percpu allocation if a percpu var. */ if (sym[i].st_shndx == info->index.pcpu) secbase = (unsigned long)mod_percpu(mod); else / HERE --> / secbase = info->sechdrs[sym[i].st_shndx].sh_addr; sym[i].st_value += secbase; break; } }
A symbol with an out-of-bounds st_shndx value, for example 0xffff (known as SHN_XINDEX or SHN_HIRESERVE), may cause a kernel panic:
BUG: unable to handle page fault for address: ... RIP: 0010:simplify_symbols+0x2b2/0x480 ... Kernel panic - not syncing: Fatal exception
This can happen when module ELF is legitimately using SHN_XINDEX or when it is corrupted.
Add a bounds check in simplify_symbols() to validate that st_shndx is within the valid range before using it.
This issue was discovered due to a bug in llvm-objcopy, see relevant discussion for details [1].
[1] https://lore.kernel.org/linux-modules/20251224005752.201911-1-ihor.solodrai@linux.dev/
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.12.1,<5.15.203
- cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- osv-coords26 versionspkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 6.12.0-160000.34.1+ 25 more
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1.160000.2.15
- (no CPE)range: < 6.12.0-160000.34.1.160000.2.15
- (no CPE)range: < 6.12.0-160000.34.1.160000.2.15
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
- (no CPE)range: < 6.12.0-160000.34.1
Patches
Vulnerability mechanics
References
7- git.kernel.org/stable/c/082f15d2887329e0f43fd3727e69365f5bfe5d2cnvdPatch
- git.kernel.org/stable/c/4bbdb0e48176fd281c2b9a211b110db6fd94e175nvdPatch
- git.kernel.org/stable/c/5d16f519b6eb1d071807e57efe0df2baa8d32ad6nvdPatch
- git.kernel.org/stable/c/6ba6957c640f58dc8ef046981a045da43e47ea23nvdPatch
- git.kernel.org/stable/c/ec2b22a58073f80739013588af448ff6e2ab906fnvdPatch
- git.kernel.org/stable/c/ef75dc1401d8e797ee51559a0dd0336c225e1776nvdPatch
- git.kernel.org/stable/c/f9d69d5e7bde2295eb7488a56f094ac8f5383b92nvdPatch
News mentions
0No linked articles in our index yet.