CVE-2026-31431

Posted on: May 7, 2026

Bulletin ID: 2026-026-AWS
Scope: Amazon
Content Type: Important (requires attention)
Publication Date: 05/06/2026 18:30 PM PDT
 

Description:

Amazon is aware of an issue in the Linux kernel (CVE-2026-31431) that could potentially allow an authenticated local user to escalate privileges.

With the exception of the services listed below, AWS customers are not affected. See below for specific guidance on affected services. As a best practice, AWS recommends that you apply all security patches and software version updates as soon as they become available.

Affected services with customer action required:

  • Amazon Linux: Amazon Linux kernels 4.14, 5.4, 5.10, 5.15, 6.1, 6.12, and 6.18 are affected. AWS has released updates to Amazon Linux addressing this issue and customers should apply the latest kernel updates. We recommend referring to the Amazon Linux Security Center (ALAS) for updated information related to this issue.

  • Bottlerocket: AWS has released updates addressing this issue for all supported versions of Bottlerocket. Customers should apply all available updates to their Bottlerocket hosts.

  • ECS: Updates for ECS on EC2 will be made available by 2026-05-07. Updates for ECS Managed Instances will be made available by 2026-05-15.

  • EKS: Updates for EKS-optimized AMIs will be made available by 2026-05-08.

  • EMR: AWS will release updates for EMR by 2026-05-20.

  • Fargate: AWS will release updates for Fargate 1.3 by 2026-05-19 and for Fargate 1.4 by 2026-05-15.

  • AWS Deep Learning AMIs (DLAMI): AWS Deep Learning AMIs for Trainium and Inferentia instances are affected. Updated AMIs will be made available by 2026-05-07. Customers using DLAMIs on EC2 should launch new instances with the latest DLAMI version once updates are available.

  • SageMaker: More information on SageMaker will be published as soon as updates are available.


Please email aws-security@amazon.com with any security questions or concerns.