{"id":"CVE-2026-31528","summary":"perf: Make sure to use pmu_ctx-\u003epmu for groups","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Make sure to use pmu_ctx-\u003epmu for groups\n\nOliver reported that x86_pmu_del() ended up doing an out-of-bound memory access\nwhen group_sched_in() fails and needs to roll back.\n\nThis *should* be handled by the transaction callbacks, but he found that when\nthe group leader is a software event, the transaction handlers of the wrong PMU\nare used. Despite the move_group case in perf_event_open() and group_sched_in()\nusing pmu_ctx-\u003epmu.\n\nTurns out, inherit uses event-\u003epmu to clone the events, effectively undoing the\nmove_group case for all inherited contexts. Fix this by also making inherit use\npmu_ctx-\u003epmu, ensuring all inherited counters end up in the same pmu context.\n\nSimilarly, __perf_event_read() should use equally use pmu_ctx-\u003epmu for the\ngroup case.","modified":"2026-07-09T18:31:09.746187451Z","published":"2026-04-22T13:54:41.180Z","related":["SUSE-SU-2026:21834-1","SUSE-SU-2026:21841-1","SUSE-SU-2026:21845-1","SUSE-SU-2026:21860-1","SUSE-SU-2026:21876-1","SUSE-SU-2026:21877-1","SUSE-SU-2026:21916-1","SUSE-SU-2026:21919-1","SUSE-SU-2026:2195-1","SUSE-SU-2026:2217-1","SUSE-SU-2026:2238-1","openSUSE-SU-2026:20826-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31528.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/35f7914e54fe7f13654c22ee045b05e4b6d8062b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3a696e84a8b1fafdd774bb30d62919faf844d9e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b9ce671960627b2505b3f64742544ae9801df97"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c759446046500a1a6785b25725725c3ff087ace"},{"type":"WEB","url":"https://git.kernel.org/stable/c/656f35b463995bee024d948440128230aacd81e1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31528.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31528"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bd27568117664b8b3e259721393df420ed51f57b"},{"fixed":"656f35b463995bee024d948440128230aacd81e1"},{"fixed":"3a696e84a8b1fafdd774bb30d62919faf844d9e4"},{"fixed":"35f7914e54fe7f13654c22ee045b05e4b6d8062b"},{"fixed":"4c759446046500a1a6785b25725725c3ff087ace"},{"fixed":"4b9ce671960627b2505b3f64742544ae9801df97"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31528.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.131"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.80"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.21"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31528.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}