🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Summary
The Linux Kernel has a vulnerability where system resources are incorrectly transferred between different security zones, potentially allowing an attacker to gain elevated privileges (privilege escalation, meaning they can perform actions normally restricted to administrators). This vulnerability is currently being exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 2.6%
Yes
🔥 Actively Exploited
April 30, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31431
First tracked: May 1, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%