CVE-2026-31589

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: call -&gt;free_folio() directly in folio_unmap_invalidate()<br /> <br /> We can only call filemap_free_folio() if we have a reference to (or hold a<br /> lock on) the mapping. Otherwise, we&amp;#39;ve already removed the folio from the<br /> mapping so it no longer pins the mapping and the mapping can be removed,<br /> causing a use-after-free when accessing mapping-&gt;a_ops.<br /> <br /> Follow the same pattern as __remove_mapping() and load the free_folio<br /> function pointer before dropping the lock on the mapping. That lets us<br /> make filemap_free_folio() static as this was the only caller outside<br /> filemap.c.