CVE-2026-31442 - Vulnerability Details

- dmaengine: idxd: Fix possible invalid memory access after FLR

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible invalid memory access after FLR

In the case that the first Function Level Reset (FLR) concludes
correctly, but in the second FLR the scratch area for the saved
configuration cannot be allocated, it's possible for a invalid memory
access to happen.

Always set the deallocated scratch area to NULL after FLR completes.

Published: 2026-04-22

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the idxd dmaengine driver can trigger an invalid memory access when a second Function Level Reset (FLR) fails to allocate its scratch area, after a successful first FLR. The driver does not set the deallocated scratch area to NULL, leaving a dangling reference that may be dereferenced during the FLR process, potentially leading to a kernel memory corruption or crash.

Affected Systems

This vulnerability affects any system running the Linux kernel that includes the idxd dmaengine driver, which is common on platforms that provide Intel Data Plane Acceleration (DPA) infrastructure. The discrepancy is limited to kernels that have not been updated to include the corrective changes. No specific kernel version is listed, so all kernels using the vulnerable driver path are at risk until the patch is applied.

Risk and Exploitability

Because the flaw resides in a kernel driver, exploitation would likely require local privileged access or the ability to trigger a Function Level Reset via a device interface. A successful exploitation could cause a kernel panic or memory corruption, leading to denial of service or, if memory corruption is leveraged, escalation of privileges. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog, suggesting that active exploitation is not widely reported at this time. Nevertheless, the high impact of a kernel crash warrants immediate attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< 504c0e6751001ac46917c73e703f2b1b92cfc026
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< 867d0c801f21370d561420fa32f2ea1a7dc3a22d
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< d6077df7b75d26e4edf98983836c05d00ebabd8d

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,504c0e6751001ac46917c73e703f2b1b92cfc026)`	affected	code_commit	['*']
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,867d0c801f21370d561420fa32f2ea1a7dc3a22d)`	affected	code_commit	['*']
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,d6077df7b75d26e4edf98983836c05d00ebabd8d)`	affected	code_commit	['*']

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.14`	affected	generic	['*']
`[0,6.14)`	unaffected	generic	['*']
`[6.18.21,6.19.0)`	unaffected	semver	['*']
`[6.19.11,6.20.0)`	unaffected	semver	['*']
`[7.0,*]`	unaffected	generic	['*']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the patch that clears the scratch area after an FLR
Verify that the specific commit hashes (e.g., 504c0e6, 867d0c8, d6077df) are present in the kernel source to ensure the fix is applied
If a kernel update is not immediately possible, refrain from performing Function Level Resets on idxd devices until the issue is resolved

Generated by OpenCVE AI on April 22, 2026 at 19:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026
https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d
https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d
https://lore.kernel.org/linux-cve-announce/2026042244-CVE-2026-31442-dece@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31442
https://www.cve.org/CVERecord?id=CVE-2026-31442

History

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026042244-CVE-2026-31442-dece@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31442 https://www.cve.org/CVERecord?id=CVE-2026-31442
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 22 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416 CWE-476

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset (FLR) concludes correctly, but in the second FLR the scratch area for the saved configuration cannot be allocated, it's possible for a invalid memory access to happen. Always set the deallocated scratch area to NULL after FLR completes.
Title		dmaengine: idxd: Fix possible invalid memory access after FLR
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026 https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:53:39.895Z

Updated: 2026-04-22T13:53:39.895Z

Reserved: 2026-03-09T15:48:24.090Z

Link: CVE-2026-31442

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:37.703

Modified: 2026-04-22T14:16:37.703

Link: CVE-2026-31442

Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31442 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T19:15:24Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object