Description
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix not releasing workqueue on .release()

The workqueue associated with a DSA/IAA device is not released when
the object is freed.
Published: 2026-05-05
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The idxd DMA engine driver fails to release the workqueue it creates when the driver object is freed. This missing resource release (CWE‑772) keeps kernel‑level workqueue structures allocated, creating a kernel memory leak. Based on the description, it is inferred that over time the unchecked accumulation can grow the kernel’s workqueue pool and potentially degrade system stability.

Affected Systems

All Linux kernel installations that compile with the idxd driver enabled are affected. Versions that exclude the idxd driver or disable it do not experience this issue.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of < 1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA KEV. Based on the description it is inferred that an attacker would need local or administrative privileges that allow loading or unloading the idxd kernel module to trigger the leak. In environments where such privileges exist, repeated unloading of the driver could lead to kernel resource exhaustion and a potential denial of service. Overall risk remains moderate, pending any changes in privilege availability or exploitation activity.

Generated by OpenCVE AI on May 6, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that fixes the workqueue release bug in the idxd driver.
  • If a suitable update is not yet available, unload or permanently disable the idxd kernel module to stop further workqueue allocation.
  • Monitor kernel memory usage and the count of active workqueues; if abnormal growth or allocation failures are detected, consider a reboot or kernel upgrade to restore stability.

Advisories

No advisories yet.

History

Wed, 06 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-391

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Tue, 05 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-391

Tue, 05 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release() The workqueue associated with a DSA/IAA device is not released when the object is freed.
Title dmaengine: idxd: Fix not releasing workqueue on .release()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:12.040Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43064

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-05T16:16:15.567

Modified: 2026-05-06T13:08:07.970

Link: CVE-2026-43064

Redhat

Severity : Moderate

Public Date: 2026-05-05T00:00:00Z

Links: CVE-2026-43064 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-06T21:30:12Z

Weaknesses