Skip to main content

Linux Kernel EUVDEUVD-2026-24771

| CVE-2026-31441 MEDIUM
Memory Leak (CWE-401)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:45 vuln.today
CVSS changed
May 07, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:02 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24771
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix memory leak when a wq is reset

idxd_wq_disable_cleanup() which is called from the reset path for a workqueue, sets the wq type to NONE, which for other parts of the driver mean that the wq is empty (all its resources were released).

Only set the wq type to NONE after its resources are released.

AnalysisAI

Memory leak in the Linux kernel dmaengine idxd driver occurs when a workqueue is reset, causing resources to be improperly released due to premature setting of the workqueue type to NONE. A local attacker with low privileges can trigger this condition to exhaust kernel memory and cause a denial of service. The vulnerability affects kernel versions 5.8 through 7.0 and has an available vendor patch with low exploitation probability (EPSS 0.02%).

Technical ContextAI

The vulnerability resides in the dmaengine idxd (Intel Data Accelerators) driver subsystem, specifically in the idxd_wq_disable_cleanup() function invoked during workqueue reset operations. The idxd driver manages DMA operations for Intel accelerator hardware. The bug occurs because idxd_wq_disable_cleanup() sets the workqueue type field to NONE before releasing allocated resources, signaling to other driver code that the workqueue is empty and fully cleaned. Subsequent resource release attempts then fail because the type-to-NONE transition causes other code paths to skip cleanup, leading to orphaned memory allocations. This is a classic use-after-free prevention failure (CWE-401: Missing Release of Memory after Effective Lifetime). The fix requires reordering the type assignment to occur only after all resources have been explicitly freed, ensuring proper cleanup sequencing. CPE data indicates affectation across the entire Linux kernel product line with specific versions 5.8 through 7.0-rc1 confirmed vulnerable.

RemediationAI

Apply vendor-released kernel patch from stable branches: upgrade to Linux 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, or 7.0 depending on your current kernel series. Direct upstream commits available at git.kernel.org/stable include commit 0c3d3ac57e3c52b570b8c695903306bff07e04c8 and related fixes. For distributions, obtain patched kernel packages from your Linux vendor (Red Hat, Canonical, SUSE, etc.) corresponding to the above stable versions. If immediate patching is not feasible, restrict unprivileged local user access on systems with DMA accelerator hardware (idxd devices) by disabling user namespaces or limiting user login privileges until patches are applied, though this provides only partial mitigation since the underlying memory leak still occurs for system users. Test patched kernels thoroughly on idxd-equipped systems before production deployment to ensure driver stability.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24771 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy