{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "a86c61812637c7dd0c57e29880cffd477b62f2e7"
            },
            {
              "fixed": "39d6e2b67651614bac0dc6592fa9836321910067"
            },
            {
              "fixed": "c5839b34704c9c2f47f079451bdbb22de0da1ed1"
            },
            {
              "fixed": "10242e640b36b91ad03d25f3dc77854bbdff8358"
            },
            {
              "fixed": "4d08401aa13f1531216f1a7ae281ca4806e90a5c"
            },
            {
              "fixed": "407c944f217c17d4343148011acafebc604d55e1"
            },
            {
              "fixed": "93f2e975ed658ce09db4d4c2877ca2c06540df83"
            },
            {
              "fixed": "01bf1e0b997d82c0e353b51ed74ef99698043c33"
            },
            {
              "fixed": "2acb5c12ebd860f30e4faf67e6cc8c44ddfe5fe8"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.19"
            },
            {
              "fixed": "5.10.259"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.210"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.175"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.140"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.80"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.21"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31449.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: validate p_idx bounds in ext4_ext_correct_indexes\n\next4_ext_correct_indexes() walks up the extent tree correcting\nindex entries when the first extent in a leaf is modified. Before\naccessing path[k].p_idx-\u003eei_block, there is no validation that\np_idx falls within the valid range of index entries for that\nlevel.\n\nIf the on-disk extent header contains a corrupted or crafted\neh_entries value, p_idx can point past the end of the allocated\nbuffer, causing a slab-out-of-bounds read.\n\nFix this by validating path[k].p_idx against EXT_LAST_INDEX() at\nboth access sites: before the while loop and inside it. Return\n-EFSCORRUPTED if the index pointer is out of range, consistent\nwith how other bounds violations are handled in the ext4 extent\ntree code.",
  "id": "CVE-2026-31449",
  "modified": "2026-07-08T05:37:22.917906663Z",
  "published": "2026-04-22T13:53:44.777Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01bf1e0b997d82c0e353b51ed74ef99698043c33"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10242e640b36b91ad03d25f3dc77854bbdff8358"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2acb5c12ebd860f30e4faf67e6cc8c44ddfe5fe8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39d6e2b67651614bac0dc6592fa9836321910067"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/407c944f217c17d4343148011acafebc604d55e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d08401aa13f1531216f1a7ae281ca4806e90a5c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/93f2e975ed658ce09db4d4c2877ca2c06540df83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5839b34704c9c2f47f079451bdbb22de0da1ed1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31449.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31449"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ext4: validate p_idx bounds in ext4_ext_correct_indexes"
}