Microsoft published a batch of Security Update Guide entries for Linux kernel vulnerabilities spanning core subsystems including ext4, xfs, memory management, networking, virtualization, and device drivers. The listed issues include memory-safety and stability flaws such as a use-after-free in ext4 tracked as CVE-2026-31446, an smc double-free in CVE-2026-31507, a teardown-order use-after-free in the spi-fsl-lpspi driver in CVE-2026-31485, and a Bluetooth L2CAP bug in CVE-2026-31498 that could trigger an infinite loop. Additional entries cover fixes in af_key, netfilter ctnetlink, nfc nci, perf, and memory-management code paths.
The disclosures also include filesystem and virtual networking fixes such as CVE-2026-31452 in ext4, CVE-2026-31454 in xfs, and two openvswitch issues, CVE-2026-31678 and **CVE-2026-31679, addressing tunnel device release handling and MPLS payload-length validation. Microsoft further listed **CVE-2026-31601** in vfio/xe` and CVE-2026-31589 in the kernel MM subsystem, indicating broad exposure across Linux environments that rely on affected kernel components. The set of advisories points to patch activity focused on preventing use-after-free, double-free, locking, validation, and resource-lifecycle errors in widely deployed kernel code.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
14 events from the most recent confirmed update back to the earliest known activity.
Microsoft added CVE-2026-31679 to its Security Update Guide for an Open vSwitch issue involving validation of MPLS set/set_masked payload length. The advisory was published on 2026-04-26.
Microsoft published CVE-2026-31678, describing an Open vSwitch issue addressed by deferring tunnel netdev_put to RCU release. The vulnerability appeared in the Security Update Guide on 2026-04-26.
Microsoft added CVE-2026-31601 to the Security Update Guide for a vfio/xe issue involving reorganization of initialization to decouple migration from reset. The advisory was published on 2026-04-26.
Microsoft published CVE-2026-31589 in the Security Update Guide for an mm issue involving direct calls to free_folio() in folio_unmap_invalidate(). The listing was published on 2026-04-26.
Microsoft added CVE-2026-31528 to its Security Update Guide for a perf issue involving use of pmu_ctx->pmu for groups. The advisory was published on 2026-04-23.
Microsoft published CVE-2026-31515, describing an af_key issue requiring validation of families in pfkey_send_migrate(). The vulnerability was listed in the Security Update Guide on 2026-04-23.
Microsoft added CVE-2026-31509 to the Security Update Guide for an nfc/nci circular locking dependency in nci_close_device. This represents the public advisory date for the issue.
Microsoft published CVE-2026-31507 for a net/smc double-free condition affecting smc_spd_priv when tee() duplicates a splice pipe buffer. The entry appeared in the Security Update Guide on 2026-04-23.
Microsoft added CVE-2026-31498 to its Security Update Guide for a Bluetooth L2CAP issue involving ERTM re-initialization and a zero pdu_len infinite loop. The advisory was published on 2026-04-23.
Microsoft published CVE-2026-31495, describing a netfilter ctnetlink issue addressed by using netlink policy range checks. The listing reflects public disclosure in the Security Update Guide.
Microsoft added CVE-2026-31485 to the Security Update Guide for a teardown order use-after-free issue in the spi-fsl-lpspi driver. The advisory was published on 2026-04-23.
Microsoft published CVE-2026-31454, covering an XFS issue related to saving ailp before dropping the AIL lock in push callbacks. This marks the vulnerability's appearance in the Security Update Guide.
Microsoft published CVE-2026-31452 in its Security Update Guide for an ext4 issue involving conversion of inline data to extents when truncate exceeds inline size. The entry indicates public tracking of the vulnerability on that date.
Microsoft added CVE-2026-31446 to its Security Update Guide, describing an ext4 use-after-free issue in update_super_work when racing with umount. The advisory was published alongside other Linux kernel-related CVEs.
14 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.