Description
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix leaking event log memory

During the device remove process, the device is reset, causing the
configuration registers to go back to their default state, which is
zero. As the driver is checking if the event log support was enabled
before deallocating, it will fail if a reset happened before.

Do not check if the support was enabled, the check for 'idxd->evl'
being valid (only allocated if the HW capability is available) is
enough.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel idxd driver contains a flaw that causes a memory leak during device removal. When a device is removed, the driver performs a reset that clears all configuration registers to zero. Because the driver checks whether the event‑log support was enabled before freeing the corresponding memory, the reset can occur early, leaving idxd->evl uninitialized. As a result, the driver skips deallocation and leaks memory allocated for the event log. The leak manifests in kernel space and can gradually consume kernel memory over repeated removal cycles. The vulnerability is classified with a CVSS score of 5.5, indicating a medium severity impact on confidentiality, integrity, and availability.

Affected Systems

This flaw impacts all Linux kernel builds that ship with the idxd driver prior to the fix commit, regardless of distribution. Systems running unpatched kernels with the idxd driver are vulnerable. No specific version ranges are provided, so assume all kernels lacking the patch are affected.

Risk and Exploitability

The EPSS score of less than 1% suggests that publicly known exploitation attempts are extremely rare, and the vulnerability is not listed in the CISA KEV catalog. It is inferred that exploitation would require local privileged execution or a compromised kernel to influence device removal timing. An attacker who can repeatedly trigger device removal could drain kernel memory, potentially causing a denial‑of‑service scenario. Despite the low exploitation probability, the medium CVSS score and the internal nature of the attack vector warrant monitoring and prompt patching.

Generated by OpenCVE AI on May 7, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel that includes the commit fixing the idxd driver event‑log memory leak, or apply the patch locally to the idxd driver source and rebuild the kernel.
  • If a kernel upgrade is not immediately possible, uninstall or disable the idxd driver on systems that do not require it, to eliminate the memory leak risk.
  • For environments where the driver is essential, install a local patch that modifies the deallocation logic to skip the early evl check, ensuring memory is freed even if a reset occurs during device removal.
  • Continuously monitor kernel memory usage and logs for signs of heightened allocation patterns that might indicate a lingering leak; consider applying a memory pressure test to confirm the patch effectiveness.

Generated by OpenCVE AI on May 7, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Sun, 17 May 2026 15:45:00 +0000

Type Values Removed Values Added
References

Thu, 07 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
CWE-755

Thu, 07 May 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*

Tue, 28 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
CWE-755

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration registers to go back to their default state, which is zero. As the driver is checking if the event log support was enabled before deallocating, it will fail if a reset happened before. Do not check if the support was enabled, the check for 'idxd->evl' being valid (only allocated if the HW capability is available) is enough.
Title dmaengine: idxd: Fix leaking event log memory
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-17T15:21:26.990Z

Reserved: 2026-03-09T15:48:24.090Z

Link: CVE-2026-31440

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2026-04-22T14:16:37.390

Modified: 2026-05-17T16:16:15.253

Link: CVE-2026-31440

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31440 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T22:30:36Z

Weaknesses