Skip to main content

Linux Kernel EUVDEUVD-2026-24775

| CVE-2026-31443 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:45 vuln.today
CVSS changed
May 07, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:02 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24775
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix crash when the event log is disabled

If reporting errors to the event log is not supported by the hardware, and an error that causes Function Level Reset (FLR) is received, the driver will try to restore the event log even if it was not allocated.

Also, only try to free the event log if it was properly allocated.

AnalysisAI

Denial of service in the Linux kernel dmaengine idxd subsystem allows local attackers with low privileges to crash the system by triggering a Function Level Reset when the hardware does not support event log reporting. The vulnerability occurs when the driver attempts to restore or free an event log that was never allocated, resulting in a kernel crash with high availability impact.

Technical ContextAI

The vulnerability exists in the dmaengine idxd (Intel Data Accelerator Engine) subsystem of the Linux kernel. The idxd driver manages Intel's data movement accelerator hardware and includes event logging functionality for error reporting. The bug occurs in error handling code that processes Function Level Reset (FLR) events - hardware-generated resets triggered by critical errors. When hardware does not support event log reporting (no allocation), the driver still attempts to restore and free the event log buffer during FLR recovery, causing a null pointer dereference or use-after-free. The affected code path involves conditional logic that fails to check whether the event log was actually allocated before attempting to access or free it. This is a resource management issue in kernel driver code with access restricted to local users with elevated privileges on affected systems.

RemediationAI

Update the Linux kernel to patched versions: 6.18.21 or later for 6.18.x series, 6.19.11 or later for 6.19.x series, or 7.0 release or later for the 7.0 branch. Apply the fix commits available at https://git.kernel.org/stable/ by cherry-picking the relevant patch from the references. Organizations cannot implement effective workarounds without kernel modifications; the issue resides in low-level driver code. Mitigation is limited to disabling Intel Data Accelerator hardware in BIOS if deployment does not require it, though this sacrifices hardware functionality. The patch is localized to conditional logic in error handling and carries minimal risk of regression.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy