VYPR
Medium severity 5.5 · NVD Advisory · Published Apr 24, 2026 · Updated May 19, 2026

CVE-2026-31574

Description

In the Linux kernel, the following vulnerability has been resolved:

clockevents: Add missing resets of the next_event_forced flag

The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places:

- When the clock event state changes. That can cause the flag to be stale over a shutdown/startup sequence

- When a non-forced event is armed, which then prevents rearming before that event. If that event is far out in the future this will cause missed timer interrupts.

- In the suspend wakeup handler.

That led to stalls which have been reported by several people.

Add the missing resets, which fixes the problems for the reporters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing resets of the next_event_forced flag in the Linux kernel clockevents subsystem can cause timer interrupt stalls.

Vulnerability

The Linux kernel's clockevents subsystem implements a prevention mechanism against timer interrupt starvation. This mechanism relies on a next_event_forced flag to track forced events. However, the flag was not properly reset in several critical code paths: when the clock event state changes (e.g., during a shutdown/startup sequence), when a non-forced event is armed, and in the suspend wakeup handler [1][2]. This omission can leave the flag in a stale state.

Exploitation

The vulnerability can be triggered by normal system operations such as suspending and resuming, or by changing the state of clock event devices. No special privileges or authentication are needed beyond having access to the system; the issue manifests during routine kernel operations. For example, after a suspend/resume cycle, the stale flag may cause the kernel to skip the reprogramming of the next timer event.
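A toy model of two of the stale-flag cases described above (a state change and a far-out non-forced arm), as an added example that is not kernel code and not taken from the patch. Only the flag name next_event_forced comes from the advisory; the struct, the functions, MIN_DELTA and the control flow are assumptions inferred from the description, and the suspend wakeup path is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model, not kernel code; names other than next_event_forced are assumed. */
struct toy_dev {
    long next_event;            /* time the device fires; 0 = nothing armed */
    bool next_event_forced;     /* a forced (minimum-delta) event is pending */
};
enum { MIN_DELTA = 5 };         /* assumed minimum programmable delta */

static void toy_restart(struct toy_dev *d, bool fixed)
{
    d->next_event = 0;                  /* shutdown/startup drops the event */
    if (fixed)
        d->next_event_forced = false;   /* reset added by the fix */
}

/* Arm the device; returns true if the hardware was (re)programmed. */
static bool toy_program(struct toy_dev *d, long now, long expires, bool fixed)
{
    if (expires > now + MIN_DELTA) {    /* ordinary, non-forced event */
        d->next_event = expires;
        if (fixed)
            d->next_event_forced = false;   /* reset added by the fix */
        return true;
    }
    if (d->next_event_forced)           /* forced event believed pending: skip */
        return false;
    d->next_event = now + MIN_DELTA;    /* force the earliest possible event */
    d->next_event_forced = true;
    return true;
}

/* Returns the time armed once an already-due timer follows a stale flag. */
static long scenario(bool restart, bool fixed)
{
    struct toy_dev d = {0};
    toy_program(&d, 0, 0, fixed);           /* forced arm, flag set */
    if (restart)
        toy_restart(&d, fixed);             /* state change */
    else
        toy_program(&d, 1, 1000, fixed);    /* far-out non-forced arm */
    toy_program(&d, 2, 2, fixed);           /* timer already due */
    return d.next_event;
}

int main(void)
{
    for (int r = 0; r < 2; r++)
        printf("restart=%d buggy=%ld fixed=%ld\n", r, scenario(r, false), scenario(r, true));
}
```

Without the resets, the model leaves the device armed for the far-out event or not armed at all; with them, the due timer gets an event at the minimum delta.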

Impact

An attacker (or an unprivileged user) could cause the system to miss timer interrupts, leading to system stalls or hangs. The reports from several users confirm that this bug results in observable system unresponsiveness. Because the bug affects the core timer subsystem, any service relying on timely interrupts (e.g., process scheduling, network timers) can be disrupted.

Mitigation

The fix involves adding the missing flag resets in the affected code paths. The patch has been committed to the Linux kernel stable branches and is available via commits 9401b593fa48 and 4096fd0e8eae [1][2]. Users are advised to update their kernel to a version that includes these commits. There is no known workaround other than applying the patch.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
