CVE-2026-31596
ocfs2: handle invalid dinode in ocfs2_group_extend
Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:ocfs2_group_extend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308 Code: 8b8520ff ffff83f8 860f8580 030000e8 5cc3c1fe Call Trace: ... ocfs2_ioctl+0x175/0x6e0 fs/ocfs2/ioctl.c:869 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583 x64_sys_call+0x1144/0x26a0 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x93/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x76/0x7e ... [CAUSE] ocfs2_group_extend() assumes that the global bitmap inode block returned from ocfs2_inode_lock() has already been validated and BUG_ONs when the signature is not a dinode. That assumption is too strong for crafted filesystems because the JBD2-managed buffer path can bypass structural validation and return an invalid dinode to the resize ioctl. [FIX] Validate the dinode explicitly in ocfs2_group_extend(). If the global bitmap buffer does not contain a valid dinode, report filesystem corruption with ocfs2_error() and fail the resize operation instead of crashing the kernel.
INFO
Published Date :
April 24, 2026, 3:16 p.m.
Last Modified :
June 1, 2026, 5:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Update the Linux kernel to include the ocfs2 fix.
- Validate inodes explicitly in ocfs2_group_extend.
- Report filesystem corruption using ocfs2_error().
- Fail resize operations on invalid dinodes.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-31596.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-31596 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-31596
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-31596 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-31596 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 01, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/7eafcf507fbd68f3276c00f6c02ef155ad69f79b Added Reference https://git.kernel.org/stable/c/b328d8e7c437d0f026ba2c13788af6eae77700f1 Added Reference https://git.kernel.org/stable/c/fabfa6b81bd386154d7e59f8cd8f760f9e68b48c -
Initial Analysis by [email protected]
Apr. 29, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.24 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 6.19.14 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 7.0 up to (excluding) 7.0.1 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.83 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.29 up to (excluding) 6.6.136 Added Reference Type kernel.org: https://git.kernel.org/stable/c/10fb72c47aac446f12a4ccd962c7daa60cc890a1 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/41c6e9bc3a09539deab43957a3211d902a4818f0 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/4a1c0ddc6e7bcf2e9db0eeaab9340dcfe97f448f Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/6575f9fbf084502b7118a628425bf7866666498d Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/911b557dd7817460881fd51a03069b539c674d0e Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/e384a850a3370d89a7a446cdeccd964bfba2a302 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 27, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/6575f9fbf084502b7118a628425bf7866666498d -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 27, 2026
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/4a1c0ddc6e7bcf2e9db0eeaab9340dcfe97f448f -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 24, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:ocfs2_group_extend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308 Code: 8b8520ff ffff83f8 860f8580 030000e8 5cc3c1fe Call Trace: ... ocfs2_ioctl+0x175/0x6e0 fs/ocfs2/ioctl.c:869 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583 x64_sys_call+0x1144/0x26a0 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x93/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x76/0x7e ... [CAUSE] ocfs2_group_extend() assumes that the global bitmap inode block returned from ocfs2_inode_lock() has already been validated and BUG_ONs when the signature is not a dinode. That assumption is too strong for crafted filesystems because the JBD2-managed buffer path can bypass structural validation and return an invalid dinode to the resize ioctl. [FIX] Validate the dinode explicitly in ocfs2_group_extend(). If the global bitmap buffer does not contain a valid dinode, report filesystem corruption with ocfs2_error() and fail the resize operation instead of crashing the kernel. Added Reference https://git.kernel.org/stable/c/10fb72c47aac446f12a4ccd962c7daa60cc890a1 Added Reference https://git.kernel.org/stable/c/41c6e9bc3a09539deab43957a3211d902a4818f0 Added Reference https://git.kernel.org/stable/c/911b557dd7817460881fd51a03069b539c674d0e Added Reference https://git.kernel.org/stable/c/e384a850a3370d89a7a446cdeccd964bfba2a302