CVE-2026-31431
Bulletin ID: 2026-026-AWS
Scope: Amazon
Content Type: Important (requires attention)
Publication Date: 05/06/2026 18:30 PM PDT
Modification Date: 05/07/2026 18:25 PM PDT
Description:
Amazon is aware of an issue in the Linux kernel (CVE-2026-31431) that could potentially allow an authenticated local user to escalate privileges.
With the exception of the services listed below, AWS customers are not affected. See below for specific guidance on affected services. As a best practice, AWS recommends that you apply all security patches and software version updates as soon as they become available.
Affected services with customer action required:
- Amazon Linux: Amazon Linux kernels 4.14, 5.4, 5.10, 5.15, 6.1, 6.12, and 6.18 are affected. AWS has released updates to Amazon Linux addressing this issue and customers should apply the latest kernel updates. We recommend referring to the Amazon Linux Security Center (ALAS) for updated information related to this issue.
- Bottlerocket: AWS has released updates addressing this issue for all supported versions of Bottlerocket. Customers should apply all available updates to their Bottlerocket hosts.
- ECS: Updates for ECS on EC2 will be made available by 2026-05-07. Updates for ECS Managed Instances will be made available by 2026-05-15.
- EKS: Updates for EKS-optimized AMIs will be made available by 2026-05-08.
- EMR: AWS will release updates for EMR by 2026-05-20.
- Fargate: AWS will release updates for Fargate 1.3 by 2026-05-19 and for Fargate 1.4 by 2026-05-15.
- AWS Deep Learning AMIs (DLAMI): AWS Deep Learning AMI instances are affected. Updated AMIs for Neuron Base will be available on 2026-05-07, and updated AMIs for Trainium and Inferentia will be made available on 2026-05-11. Customers using DLAMIs on EC2 should launch new instances with the latest DLAMI version once updates are available.
- SageMaker:
  - All Notebook instances that are created or restarted after 2026-05-15 will automatically include the patched kernel. Customers should restart their notebooks to pick up the latest kernel version.
  - All HyperPod clusters will be available to be patched by 2026-05-15. Customers will be required to update their cluster software to pick up the latest kernel.
  - All SageMaker Inference Endpoints, Studio, and Canvas resources created, restarted, or updated after 2026-05-15 will include the patched kernel. Customers should restart their Studio and Canvas apps to pick up the latest kernel version.
  - All SageMaker Training, Processing Jobs, and Batch Transform jobs launched after 2026-05-15 will automatically use the patched kernel. No customer action required.
  - AWS will begin patching all existing SageMaker resources as soon as the patches are available, with the exception of HyperPod as noted above.
References:
To find more information about "Dirty Frag" and other issues in Amazon Linux kernels (CVE-2026-31431), please refer to our Security Bulletin.
Please email aws-security@amazon.com with any security questions or concerns.