CVE-2026-31574 | Linux Kernel up to 7.0.0 clockevents next_event_forced state issue

VDB-359381 · CVE-2026-31574 · GCVE-0-2026-31574 LINUX KERNEL UP TO 7.0.0 CLOCKEVENTS NEXT_EVENT_FORCED STATE ISSUE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.3 $0-$5k 0.29+ Summaryinfo A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0.0. Affected by this vulnerability is the function next_event_forced of the component clockevents. The manipulation leads to state issue. This vulnerability is documented as CVE-2026-31574. There is not any exploit available. It is advisable to upgrade the affected component. Detailsinfo A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0.0. This issue affects the function next_event_forced of the component clockevents. The manipulation with an unknown input leads to a state issue vulnerability. Using CWE to declare the problem leads to CWE-371. The impact remains unknown. The summary by CVE is: In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock event state changes. That can cause the flag to be stale over a shutdown/startup sequence - When a non-forced event is armed, which then prevents rearming before that event. If that event is far out in the future this will cause missed timer interrupts. - In the suspend wakeup handler. That led to stalls which have been reported by several people. Add the missing resets, which fixes the problems for the reporters. The weakness was released by shutdown. The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2026-31574 since 03/09/2026. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/24/2026). Upgrading to version 7.0.1 eliminates this vulnerability. Applying the patch 9401b593fa48218d2667df1610b0ebc518554880 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 7.0 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.5 VulDB Meta Temp Score: 5.3 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: State issue CWE: CWE-371 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 7.0.1 Patch: 9401b593fa48218d2667df1610b0ebc518554880 Timelineinfo 03/09/2026 CVE reserved 04/24/2026 +45 days Advisory disclosed 04/24/2026 +0 days VulDB entry created 04/24/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Researcher: shutdown Status: Confirmed CVE: CVE-2026-31574 (🔒) GCVE (CVE): GCVE-0-2026-31574 GCVE (VulDB): GCVE-100-359381 Entryinfo Created: 04/24/2026 17:48 Changes: 04/24/2026 17:48 (60) Complete: 🔍 Cache ID: 99:FB9:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸