Skip to main content

Linux Kernel CVE-2026-31743

| EUVDEUVD-2026-26556 HIGH
Out-of-bounds Write (CWE-787)
2026-05-01 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:28 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:02 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26556
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:14 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy

Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory corruption. use correct buffer size in dma_alloc_coherent and memcpy.

AnalysisAI

Memory corruption in the Linux kernel zynqmp_nvmem driver allows local authenticated users to achieve privilege escalation through undersized DMA buffer exploitation. The vulnerability stems from incorrect buffer size calculations in dma_alloc_coherent and memcpy operations, enabling heap or memory corruption that can lead to complete system compromise. With a 7.8 CVSS score but only 0.02% EPSS (5th percentile), this represents a high-severity issue affecting specific Xilinx Zynq UltraScale+ deployments rather than a widespread exploitation target. Patches available across multiple stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0) with upstream fixes confirmed in git commits.

Technical ContextAI

The zynqmp_nvmem driver provides non-volatile memory access for Xilinx Zynq UltraScale+ SoC platforms through the Linux NVMEM framework. This vulnerability affects the DMA (Direct Memory Access) buffer allocation and memory copy operations within the driver. When allocating coherent DMA memory via dma_alloc_coherent() and copying data with memcpy(), the driver uses an incorrectly calculated buffer size that is smaller than required. This classic buffer size mismatch creates an undersized buffer condition where DMA operations or memory copies can write beyond allocated boundaries. The affected code path was introduced in commit 737c0c8d07b5 and impacts kernel versions from 6.9 onwards. The CPE strings indicate this is specific to Linux kernel implementations, particularly those running on Xilinx Zynq hardware with NVMEM support enabled.

RemediationAI

Apply vendor-released patches immediately for affected kernel versions: upgrade to Linux kernel 6.12.81 or later for 6.12.x branch, 6.18.22 or later for 6.18.x branch, 6.19.12 or later for 6.19.x branch, or 7.0 for mainline. Patches correct the buffer size calculations in dma_alloc_coherent and memcpy operations within the zynqmp_nvmem driver. Review upstream commits at https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087 (and related commits 6c01e7f11f5e, 2f6e5b9964d0, f9b88613ff40) for technical details. If immediate patching is not feasible for embedded systems with constrained update cycles, disable the zynqmp_nvmem driver via kernel module blacklisting (add 'blacklist zynqmp_nvmem' to /etc/modprobe.d/blacklist.conf and rebuild initramfs), though this eliminates NVMEM functionality and may break system features dependent on non-volatile storage access. Implement kernel address space layout randomization (KASLR) if not already enabled to increase exploitation difficulty, though this only raises the bar rather than eliminating the vulnerability. Restrict local user access and monitor for unusual privilege escalation attempts in systems that cannot be immediately patched.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31743 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy