CVE-2026-31442 - Vulnerability Details

- dmaengine: idxd: Fix possible invalid memory access after FLR

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible invalid memory access after FLR

In the case that the first Function Level Reset (FLR) concludes
correctly, but in the second FLR the scratch area for the saved
configuration cannot be allocated, it's possible for a invalid memory
access to happen.

Always set the deallocated scratch area to NULL after FLR completes.

Published: 2026-04-22

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the idxd dmaengine driver can trigger an invalid memory access when a second Function Level Reset (FLR) fails to allocate its scratch area after a successful first FLR. The driver leaves a dangling pointer to a freed scratch area, does not nullify the reference, and mishandles the reset loop, which may cause the kernel to dereference invalid memory and corrupt kernel space, potentially leading to a crash or denial of service.

Affected Systems

This vulnerability affects any system running a Linux kernel that includes the idxd dmaengine driver. The flaw exists wherever the driver handles Function Level Resets on devices. No specific kernel versions are listed, so all vulnerable instances are at risk until the patch is applied.

Risk and Exploitability

The EPSS score of less than 1%, the CVSS score of 7.8, and the absence in the CISA KEV catalog indicate that active exploitation is currently unlikely. However, the vulnerability can still be triggered locally to cause a kernel crash or memory corruption, which would result in denial of service. The likely attack vector involves triggering a Function Level Reset on an idxd device through a privileged local interface.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< 504c0e6751001ac46917c73e703f2b1b92cfc026
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< 867d0c801f21370d561420fa32f2ea1a7dc3a22d
`98d187a989036096feaa2fef1ec3b2240ecdeacf`	affected	< d6077df7b75d26e4edf98983836c05d00ebabd8d

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,504c0e6751001ac46917c73e703f2b1b92cfc026)`	affected	code_commit	['*']
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,867d0c801f21370d561420fa32f2ea1a7dc3a22d)`	affected	code_commit	['*']
`[98d187a989036096feaa2fef1ec3b2240ecdeacf,d6077df7b75d26e4edf98983836c05d00ebabd8d)`	affected	code_commit	['*']

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.14`	affected	generic	['*']
`[0,6.14)`	unaffected	generic	['*']
`[6.18.21,6.19.0)`	unaffected	semver	['*']
`[6.19.11,6.20.0)`	unaffected	semver	['*']
`[7.0,*]`	unaffected	generic	['*']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the patch that clears the scratch area after an FLR
If a kernel update is not immediately possible, refrain from performing Function Level Resets on idxd devices until the issue is resolved
Monitor system logs for FLR errors and any kernel memory allocation failures related to idxd operations
Check vendor advisories and kernel mailing lists for updates or additional mitigations

Generated by OpenCVE AI on May 7, 2026 at 20:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026
https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d
https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d
https://lore.kernel.org/linux-cve-announce/2026042244-CVE-2026-31442-dece@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31442
https://www.cve.org/CVERecord?id=CVE-2026-31442

History

Thu, 07 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::

Wed, 29 Apr 2026 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416 CWE-476

Mon, 27 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026042244-CVE-2026-31442-dece@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31442 https://www.cve.org/CVERecord?id=CVE-2026-31442
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 22 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416 CWE-476

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset (FLR) concludes correctly, but in the second FLR the scratch area for the saved configuration cannot be allocated, it's possible for a invalid memory access to happen. Always set the deallocated scratch area to NULL after FLR completes.
Title		dmaengine: idxd: Fix possible invalid memory access after FLR
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026 https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:53:39.895Z

Updated: 2026-05-11T22:08:47.238Z

Reserved: 2026-03-09T15:48:24.090Z

Link: CVE-2026-31442

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-22T14:16:37.703

Modified: 2026-05-07T19:28:27.587

Link: CVE-2026-31442

Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31442 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T21:00:13Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object