CVE-2026-31523 | nvme-pci: ensure we're polling a polled queue

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue maps, which would race with the now interrupt driven queue and may cause double completions.

Published: 2026-04-22 Last update: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Analyzed，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2026-31523

EPSS CVSS CWE GHSA Affected OS Tracker

Conclusion & alert: CVE-2026-31523 is rated Low Risk (19.1/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.09%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-31523

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.09%	+0.07%
2	2026-04-23	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-31523

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.7	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.0	3.6	[email protected]

Weakness enumeration for CVE-2026-31523

CWE-367 MITRE ↗

GitHub Security Advisory for CVE-2026-31523

GHSA-gvcv-rjfq-gg9g · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're...

OS Trackers for CVE-2026-31523

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-31523 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2026-31523
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2026-31523
`suse`	medium	CVE-2026-31523 severity moderate: SUSE including 20 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 80 product×package rows across 19 product lines (SUSE Linux Enterprise High Availability Extension 15 SP7, SUSE Linux Enterprise Live Patching 12 SP5, … (19 product lines)): Known Not Affected 80.	https://www.suse.com/security/cve/CVE-2026-31523/
`ubuntu`	medium	CVE-2026-31523 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1048, ignored 173, needed 130, released 83, not-affected 11, needs-triage 4.	https://ubuntu.com/security/CVE-2026-31523

Affected software / configurations for CVE-2026-31523

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 5.0, < 5.10.253	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.11, < 5.15.203	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.16, < 6.1.168	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.6.131	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.7, < 6.12.80	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.18.21	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.19, < 6.19.11	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	7.0	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
linux	linux_kernel	7.0	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

References for CVE-2026-31523

URL	Tags
https://git.kernel.org/stable/c/0685dd9cb855ab77fcf3577b4702ba1d6df1c98d	Patch
https://git.kernel.org/stable/c/166e31d7dbf6aa44829b98aa446bda5c9580f12a	Patch
https://git.kernel.org/stable/c/6f12734c4b619f923a4df0b1a46b8098b187d324	Patch
https://git.kernel.org/stable/c/965e2c943f065122f14282a88d70a8a92e12a4da	Patch
https://git.kernel.org/stable/c/acbc72dd1a09df53cafcf577259f4678be6afd6d	Patch
https://git.kernel.org/stable/c/b222680ba55e018426c4535067a008f1d81a5d21	Patch
https://git.kernel.org/stable/c/b96c7b25eb1b748f3e3b1832ebf028b0b223d7e3	Patch
https://git.kernel.org/stable/c/ba167d5982e2eb6ff9356d409eca592ce99555da	Patch

cvelogic Threat Intelligence