CVE-2026-31574

MEDIUM

clockevents: Add missing resets of the next_event_forced flag

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock event state changes. That can cause the flag to be stale over a shutdown/startup sequence - When a non-forced event is armed, which then prevents rearming before that event. If that event is far out in the future this will cause missed timer interrupts. - In the suspend wakeup handler. That led to stalls which have been reported by several people. Add the missing resets, which fixes the problems for the reporters.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/9401b593fa48218d2667df1610b0ebc518554880

https://git.kernel.org/stable/c/4096fd0e8eaea13ebe5206700b33f49635ae18e5

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (9)

Linux/Linux < 7.0

Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 9401b593fa48218d2667df1610b0ebc518554880

Linux/Linux 7.0

Linux/Linux 7.0.1 - 7.0.*

Linux/Linux 7.1-rc1

Linux/Linux d6e152d905bdb1f32f9d99775e2f453350399a6a - 4096fd0e8eaea13ebe5206700b33f49635ae18e5

Linux/Linux d6e152d905bdb1f32f9d99775e2f453350399a6a - 9401b593fa48218d2667df1610b0ebc518554880

linux/linux_kernel 7.0

linux/linux_kernel < 7.0.1

Published Apr 24, 2026

Tracked Since Apr 24, 2026