Skip to main content

Linux Kernel CVE-2026-31491

| EUVDEUVD-2026-24861 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-p9j3-q86p-m6qq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
Apr 28, 2026 - 12:52 vuln.today
CVSS changed
Apr 28, 2026 - 12:52 NVD
5.5 (MEDIUM)
Patch released
Apr 28, 2026 - 12:51 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24861
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Harden depth calculation functions

An issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size. This can cause integer overflow and truncation of SQ/RQ/SRQ depth returning a success when it should have failed.

Harden the functions to do all depth calculations and boundary checking in u64 sizes.

AnalysisAI

Integer overflow in Linux kernel RDMA/irdma depth calculation functions allows local authenticated users to trigger a denial of service via improper handling of U32_MAX values passed for SQ/RQ/SRQ size parameters. The vulnerability stems from depth calculations performed in 32-bit integers rather than 64-bit, enabling truncation that bypasses validation and returns success when allocation should fail, potentially causing system instability or resource exhaustion.

Technical ContextAI

The vulnerability exists in the RDMA/irdma (Intel Ethernet RDMA Driver) subsystem within the Linux kernel. RDMA (Remote Direct Memory Access) is a low-latency communication protocol, and irdma is Intel's implementation for Ethernet-based RDMA. The vulnerability specifically affects depth calculation functions that determine queue sizes for Send Queue (SQ), Receive Queue (RQ), and Shared Receive Queue (SRQ) - critical data structure dimensions in RDMA queue management. When the operating system passes U32_MAX (4,294,967,295) as a size parameter, integer arithmetic performed in 32-bit context causes overflow and truncation, allowing boundary checks to pass when they should fail. The root cause is CWE-190 (Integer Overflow or Wraparound), where calculations must be hardened to use 64-bit (u64) arithmetic to prevent truncation and ensure proper validation of requested queue depths.

RemediationAI

Apply the upstream kernel patch from commit e37afcb56ae070477741fe2d6e61fc0c542cce2d or upgrade to patched stable versions: Linux 6.18.21, 6.19.11, or 7.0 and later. For systems running 6.18, update to 6.18.21 or later in the 6.18 series; for 6.19 users, upgrade to 6.19.11 or later; for 7.0 pre-release systems, upgrade to final 7.0 release or later. If immediate kernel patching is not feasible, the primary compensating control is restricting RDMA device access to trusted applications and users via SELinux or AppArmor policies that limit irdma driver interaction, though this may impact legitimate RDMA workloads. Disable RDMA functionality entirely on systems where it is not required by blacklisting the irdma kernel module (add 'blacklist irdma' to /etc/modprobe.d/blacklist.conf and rebuild initramfs), though this permanently disables InfiniBand or RoCE (RDMA over Converged Ethernet) capabilities on affected hardware. System administrators should prioritize this patch during the next scheduled kernel update cycle, especially in high-performance computing and cloud data center environments where RDMA is actively used. References: https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31491 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy