CVE-2026-31443 - Vulnerability Details

- dmaengine: idxd: Fix crash when the event log is disabled

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix crash when the event log is disabled

If reporting errors to the event log is not supported by the hardware,
and an error that causes Function Level Reset (FLR) is received, the
driver will try to restore the event log even if it was not allocated.

Also, only try to free the event log if it was properly allocated.

Published: 2026-04-22

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The idxd driver in the Linux kernel contains a flaw that can cause a crash when the event log is disabled. During a Function Level Reset error, the driver attempts to restore an event log that was not allocated because the hardware does not support event logging, leading to a kernel panic. This manifests as a null pointer dereference that the driver fails to guard against, resulting in a loss of system availability requiring a reboot.

Affected Systems

Linux kernel builds that include the idxd driver. The specific kernel versions affected are not listed, so any kernel that ships the idxd driver without the recent fix may be vulnerable. The flaw occurs only when the hardware does not support event logging.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate impact, and the EPSS score of < 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the crash is triggered by a Function Level Reset error. It is inferred that an attacker able to induce such an error—likely requiring local or privileged access—could provoke the crash. No remote exploitation or code execution is described in the available data. Because of the low exploitation likelihood and lack of public exploits, the urgency for remediation is moderated, but applying the patch is the definitive mitigation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6078a315aec15e0776fa90347cf4eba7478cdbd7`	affected	< aa0ffc6d3990ec35976308a068dc23178037e564
`6078a315aec15e0776fa90347cf4eba7478cdbd7`	affected	< 0e761079d653c25f838380cf7cef2730832110cc
`6078a315aec15e0776fa90347cf4eba7478cdbd7`	affected	< 52d2edea0d63c935e82631e4b9e4a94eccf97b5b

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6078a315aec15e0776fa90347cf4eba7478cdbd7,aa0ffc6d3990ec35976308a068dc23178037e564)`	affected	code_commit	—
`[6078a315aec15e0776fa90347cf4eba7478cdbd7,0e761079d653c25f838380cf7cef2730832110cc)`	affected	code_commit	—
`[6078a315aec15e0776fa90347cf4eba7478cdbd7,52d2edea0d63c935e82631e4b9e4a94eccf97b5b)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.14`	affected	generic	—
`[0,6.14)`	unaffected	generic	—
`[6.18.21,6.19.0)`	unaffected	semver	—
`[6.19.11,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel version that contains the idxd driver patch.
If disabling event logging is possible, configure the hardware or driver to avoid enabling event logging when the feature is unsupported.
After applying the patch or configuration change, test the system by provoking a Function Level Reset error to confirm that the kernel no longer crashes.

Generated by OpenCVE AI on May 7, 2026 at 20:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc
https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b
https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564
https://lore.kernel.org/linux-cve-announce/2026042245-CVE-2026-31443-0b7d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31443
https://www.cve.org/CVERecord?id=CVE-2026-31443

History

Thu, 07 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::

Wed, 29 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476

Thu, 23 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-824
References		https://lore.kernel.org/linux-cve-announce/2026042245-CVE-2026-31443-0b7d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31443 https://www.cve.org/CVERecord?id=CVE-2026-31443
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 22 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, and an error that causes Function Level Reset (FLR) is received, the driver will try to restore the event log even if it was not allocated. Also, only try to free the event log if it was properly allocated.
Title		dmaengine: idxd: Fix crash when the event log is disabled
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:53:40.616Z

Updated: 2026-05-11T22:08:48.361Z

Reserved: 2026-03-09T15:48:24.090Z

Link: CVE-2026-31443

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-22T14:16:37.860

Modified: 2026-05-07T19:27:16.457

Link: CVE-2026-31443

Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31443 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T20:30:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object