Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-27T00:00:00 kernel: mm/kasan: fix double free for kasan pXds 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CWE-763

A flaw was found in the Linux kernel. A double-free vulnerability exists in the Kernel Address Sanitizer (KASAN) component, specifically within the `kasan_free_pxd()` function. This issue arises because the function incorrectly assumes that page tables are always page-aligned, which is not consistent across all architectures. This can lead to a double-free when memory is deallocated, potentially causing a system crash and resulting in a Denial of Service (DoS).

This Moderate impact flaw in the Linux kernel's Kernel Address Sanitizer (KASAN) component can lead to a system crash due to a double-free vulnerability. The issue arises from incorrect assumptions about page table alignment across different architectures, potentially resulting in a Denial of Service. This flaw is exploited with a debug enable flag with needs a privileged user to exploit. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31686 https://nvd.nist.gov/vuln/detail/CVE-2026-31686 https://lore.kernel.org/linux-cve-announce/2026042722-CVE-2026-31686-df69@gregkh/T