Skip to main content

Linux Kernel CVE-2026-31440

| EUVDEUVD-2026-24768 MEDIUM
Memory Leak (CWE-401)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-w853-9vqg-wx8h
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:45 vuln.today
CVSS changed
May 07, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:02 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24768
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix leaking event log memory

During the device remove process, the device is reset, causing the configuration registers to go back to their default state, which is zero. As the driver is checking if the event log support was enabled before deallocating, it will fail if a reset happened before.

Do not check if the support was enabled, the check for 'idxd->evl' being valid (only allocated if the HW capability is available) is enough.

AnalysisAI

Memory leak in the Linux kernel dmaengine idxd driver during device removal allows local authenticated attackers to cause a denial of service by exhausting kernel memory. The vulnerability occurs when the device reset causes configuration registers to revert to default state, preventing proper deallocation of event log memory. EPSS exploitation probability is very low at 0.02%, and no public exploit has been identified.

Technical ContextAI

The vulnerability exists in the dmaengine idxd (Intel Data Accelerator) subsystem, specifically in event log memory management. The idxd driver manages Intel DLB (Data Movement Engine) hardware and its event logging capabilities. During device removal, a hardware reset causes configuration registers to reset to zero, which the driver incorrectly interprets as absence of event log support. The bug is in the deallocation logic that checks if event log support was enabled via a register flag before freeing the allocated event log memory (idxd->evl pointer). When the register flag is cleared by hardware reset but the kernel still holds a valid memory allocation, the memory leak occurs. CWE-401 (Improper Resource Release) classifies this as a resource cleanup failure where allocated memory is not freed due to incorrect conditional logic.

RemediationAI

Apply the vendor-released patch through kernel update to version 6.12.80, 6.18.21, 6.19.11, or 7.0 or later, depending on your kernel series. The fix modifies the device removal logic to always attempt deallocation of event log memory if the idxd->evl pointer is valid, removing the incorrect check for the event log support enabled register flag. Systems running older stable kernels should apply the corresponding backported fix from the references (commits 9dfa00967e6ef43a9dd0887fe5c3a721a39da92e, d94f9b0ba28a205caf95902ee88b42bdb8af83d0, ee66bc29578391c9b48523dc9119af67bd5c7c0f, or facd0012708e942fc12890708738aebde497564e depending on kernel series). For systems unable to immediately patch, monitor memory usage during idxd device lifecycle operations; systems not using Intel DLB hardware or not performing device hot-removal are not affected.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy