Skip to main content

Linux Kernel CVE-2026-31442

| EUVDEUVD-2026-24772 HIGH
Out-of-bounds Read (CWE-125)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-8c5h-wq74-72cw
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 27, 2026 - 14:26 vuln.today
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.8 (HIGH)
Patch released
Apr 27, 2026 - 14:16 nvd
Patch available
Patch available
Apr 22, 2026 - 16:02 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24772
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix possible invalid memory access after FLR

In the case that the first Function Level Reset (FLR) concludes correctly, but in the second FLR the scratch area for the saved configuration cannot be allocated, it's possible for a invalid memory access to happen.

Always set the deallocated scratch area to NULL after FLR completes.

AnalysisAI

Use-after-free in Linux kernel idxd DMA engine driver allows local authenticated attackers to execute arbitrary code, disclose sensitive memory, or crash the system when Function Level Reset operations fail to allocate scratch memory. The vulnerability affects Linux kernels from commit 98d187a98903 through versions 6.14, 6.18.x before 6.18.21, and 6.19.x before 6.19.11. Vendor patches are available across stable branches with EPSS indicating 0.02% exploitation probability (4th percentile), suggesting limited active targeting despite the high CVSS 7.8 score. No CISA KEV listing or public exploit code identified at time of analysis.

Technical ContextAI

The idxd (Intel Data Streaming Accelerator) driver manages DMA engine operations in the Linux kernel. During Function Level Reset (FLR) sequences, the driver saves device configuration to a scratch memory area before resetting hardware state. The vulnerability occurs in a race condition where the first FLR completes successfully but the second FLR fails to allocate scratch memory for configuration backup. The original code deallocates the scratch area without setting the pointer to NULL, creating a dangling pointer. Subsequent operations may attempt to access this freed memory region, triggering use-after-free conditions. This represents a classic memory safety issue in kernel-space driver code where proper cleanup state management is critical for system stability and security.

RemediationAI

Apply vendor-released patches: upgrade to Linux kernel 7.0 or later for mainline systems, version 6.19.11 or later for 6.19 stable branch users, or version 6.18.21 or later for 6.18 LTS deployments. Patches modify idxd driver code to explicitly set the scratch memory pointer to NULL after deallocation during FLR sequences, preventing use-after-free conditions. If immediate patching is infeasible, disable the idxd driver module using 'modprobe -r idxd' or blacklist it in /etc/modprobe.d/blacklist.conf with 'blacklist idxd' - this eliminates attack surface but disables Intel DSA hardware acceleration features, potentially impacting workloads relying on DMA offload for storage, networking, or data processing operations. For systems not using DSA capabilities, driver disablement has no functional impact. Verify driver status with 'lsmod | grep idxd' and confirm DSA hardware presence with 'lspci | grep -i accelerator' before applying workarounds.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy