KernelDiff

security review

Security-relevant kernel changes.

CVE-linked fixes are separated from security-relevant commits with no CVE assigned. Applicability remains config and usage dependent.

cves

CVE-linked fixes

CVE-2026-31840 (UAF, fs/btrfs)

Use-after-free in btrfs relocation on tree-log replay

Local crash / potential privilege escalation. Fixed in 7.1.2 and backported to selected older branches.

Fixed in: 7.1.2, 7.0.14, 6.18.7
Affected: 7.0 – 7.1.1; config and filesystem usage dependent
Distro status: Distro package status tracked separately; CachyOS fixed in indexed package data; Arch/Fedora/Ubuntu pending ingestion
Config applicability: Requires btrfs enabled and affected tree-log relocation path to be reachable.
CVE-2026-31902 (OOB, net/tls)

Out-of-bounds read in net/tls on malformed record

Malformed TLS record length can trigger an out-of-bounds read in the kernel TLS software path.

Fixed in: 7.1.2, 7.0.14
Affected: 7.0 – 7.1.1; depends on kernel TLS use
Distro status: Distro package status tracked separately; CachyOS fixed in indexed package data; Arch/Fedora/Ubuntu pending ingestion
Config applicability: Requires kernel TLS support and affected software TLS path.

no cve assigned

Security-relevant, no CVE assigned

These are evidence-based labels, not vulnerability claims.