Skip to main content

Linux Kernel CVE-2026-31439

| EUVDEUVD-2026-24767 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-hwph-35qx-q23p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Generated
May 20, 2026 - 00:14 vuln.today
CVSS changed
May 19, 2026 - 22:07 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:02 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24767
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: xilinx: xdma: Fix regmap init error handling

devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the error check and also fix the error message. Use the error code from ERR_PTR() instead of the wrong value in ret.

AnalysisAI

Incorrect error-handling in the Linux kernel's Xilinx XDMA DMA engine driver causes a kernel denial-of-service when regmap initialization fails. The driver's probe function checks the return value of devm_regmap_init_mmio against NULL rather than using IS_ERR(), meaning a failure returns an ERR_PTR() value that is non-NULL and passes the check silently; the corrupted pointer is then used, triggering a kernel panic. Affected systems require Xilinx XDMA hardware to be present and actively probed by the driver. No public exploit has been identified at time of analysis, and EPSS exploitation probability stands at a negligible 0.02%.

Technical ContextAI

The vulnerability resides in the dmaengine/xilinx/xdma subsystem of the Linux kernel (CPE: cpe:2.3:o:linux:linux_kernel). The devm_regmap_init_mmio() API, part of the kernel's regmap abstraction layer for memory-mapped I/O register access, returns an ERR_PTR()-encoded error value - not NULL - upon failure. The driver code incorrectly checked the result with a NULL comparison rather than the canonical IS_ERR() macro, and additionally propagated the wrong error code by reading from the ERR_PTR value instead of using PTR_ERR(). The root cause class is improper error handling (analogous to CWE-390/CWE-755), where the error sentinel type mismatch results in a live kernel pointer dereference of an invalid address, producing a kernel oops or panic. The bug was introduced at commit 17ce252266c7f016ece026492c45838f852ddc79. A secondary discrepancy: the vulnerability is tagged 'Information Disclosure' in ENISA EUVD, but the CVSS vector specifies C:N (no confidentiality impact) - this tag is likely erroneous or refers to the misleading error message behavior, not actual data exposure.

RemediationAI

The primary fix is upgrading to a patched Linux kernel version: 6.6.131, 6.12.80, 6.18.21, 6.19.11, or Linux 7.0 (stable release). Upstream patch commits are available at https://git.kernel.org/stable/c/4b6e1da50b22e5528b9003f376a3cecccce4decc (6.6 stable), https://git.kernel.org/stable/c/59f6ccd0f3345be2e8a78bdef2103e93f180633a, https://git.kernel.org/stable/c/9787b3d9b908785b40bc3f2e6d7082fdb8fdd98a, https://git.kernel.org/stable/c/e0adbf74e2a0455a6bc9628726ba87bcd0b42bf8, and https://git.kernel.org/stable/c/f27197ccfd2ecd2c71f27fd57c6d507e892ad24d. For systems that cannot be immediately patched and where Xilinx XDMA hardware is present, a compensating control is to blacklist the xdma kernel module (echo 'blacklist xdma' >> /etc/modprobe.d/blacklist.conf) to prevent the driver from probing, though this disables XDMA DMA functionality entirely. Systems without Xilinx XDMA hardware are not affected and require no action.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31439 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy