Description
In the Linux kernel, the following vulnerability has been resolved:

nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy

Buffer size used in dma allocation and memcpy is wrong.
It can lead to undersized DMA buffer access and possible
memory corruption. use correct buffer size in dma_alloc_coherent
and memcpy.
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel driver zynqmp_nvmem uses an incorrect size for the buffer allocated with dma_alloc_coherent and for the subsequent memcpy operation. This mismatch means that the DMA buffer can be smaller than the data being written, leading to a buffer overrun and memory corruption. Such corruption may overwrite kernel memory structures, potentially destabilizing the kernel or corrupting other data. Based on the description, it is inferred that these memory corruptions could in theory trigger a system crash or provide a foothold for higher‑privilege code execution, though no specific exploit path is documented.

Affected Systems

All Linux kernel builds that include the zynqmp_nvmem driver are affected, regardless of distribution. The exact kernel versions in which the faulty buffer size logic exists are not specified, so any kernel lacking the fix that contains this driver is potentially vulnerable.

Risk and Exploitability

The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of exploitation remains unknown. The flaw appears to require usage of the DMA subsystem, implying that local or privileged execution might be necessary to trigger the overrun. No additional conditions or external inputs are documented, so the risk assessment is limited to the uncertainty surrounding exploitability.

Generated by OpenCVE AI on May 2, 2026 at 10:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that incorporates the corrected buffer size in the zynqmp_nvmem driver.
  • Reboot the system so that the updated kernel and driver are loaded.
  • If required, consider disabling or removing the zynqmp_nvmem driver until the kernel update is applied.

Generated by OpenCVE AI on May 2, 2026 at 10:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory corruption. use correct buffer size in dma_alloc_coherent and memcpy.
Title nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:38.154Z

Reserved: 2026-03-09T15:48:24.138Z

Link: CVE-2026-31743

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:37.047

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31743

cve-icon Redhat

Severity :

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31743 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T10:30:40Z

Weaknesses