Microsoft added several CVEs to its Security Update Guide for Linux kernel components, including CVE-2026-31609 in SMB, CVE-2026-31591 in KVM SEV/SNP handling, CVE-2026-31469 in virtio_net, CVE-2026-31525 in BPF, and CVE-2026-31494 in the macb network driver. The listed issues span memory-safety and logic flaws such as a double-free in smbd_free_send_io() after smbd_send_batch_flush(), a use-after-free in virtio_net, and undefined behavior in the BPF interpreter for signed division and modulo involving INT_MIN.
The disclosures also include a KVM fix that locks all vCPUs while synchronizing VMSAs during SEV-SNP launch completion, indicating impact in confidential computing and virtualization workflows, alongside a macb driver correction for queue statistics handling. Taken together, the entries show Microsoft tracking upstream Linux kernel vulnerabilities across file sharing, virtualization, packet processing, and network drivers, with several bugs carrying potential stability or security impact in environments running affected kernel code paths.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.