Skip to main content

Linux Kernel EUVDEUVD-2026-27362

| CVE-2026-43064 MEDIUM
2026-05-05 Linux GHSA-98q7-c2pp-x8xp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 29, 2026 - 20:36 vuln.today
CVSS changed
May 29, 2026 - 18:22 NVD
5.5 (MEDIUM)
Patch available
May 05, 2026 - 17:01 EUVD
CVE Published
May 05, 2026 - 15:23 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix not releasing workqueue on .release()

The workqueue associated with an DSA/IAA device is not released when the object is freed.

AnalysisAI

Resource leak in the Linux kernel dmaengine idxd subsystem allows a local low-privileged user to cause availability impact on systems equipped with Intel DSA (Data Streaming Accelerator) or IAA (Intel Analytics Accelerator) hardware. The .release() callback for the associated workqueue fails to free the workqueue when the device object is destroyed, meaning repeated allocation and deallocation cycles progressively exhaust kernel workqueue resources. No public exploit identified at time of analysis, and an EPSS score of 0.02% (7th percentile) confirms negligible real-world exploitation probability; however, patched stable kernel releases are available and should be applied on affected hardware platforms.

Technical ContextAI

The idxd driver, part of the Linux kernel's DMA engine subsystem (drivers/dma/idxd/), manages Intel DSA and IAA accelerators exposed as character devices. Kernel workqueues created during device initialization to service DMA operation completions are not destroyed in the corresponding .release() callback - the code path executed when a device file descriptor is closed and the kobject reference count drops to zero. This constitutes a kernel resource leak: each release cycle leaves an orphaned workqueue consuming kernel memory and system resources. The CPE data (cpe:2.3:a:linux:linux:*) confirms the affected codebase is the mainline Linux kernel. Although NVD lists CWE as N/A, the root cause aligns with CWE-401 (Missing Release of Memory after Effective Lifetime) or CWE-772 (Missing Release of Resource after Effective Lifetime). The CVSS impact profile (C:N/I:N/A:H) is consistent with a pure availability-affecting resource exhaustion class, not information disclosure - the 'Information Disclosure' tag in the source metadata appears to be a tagging error inconsistent with both the description and CVSS vector.

RemediationAI

Apply the vendor-released patches targeting the respective stable branches: kernel 6.1.168 (commit 958e96533ddbd1edd127feb7624a7eed0cc379dc at https://git.kernel.org/stable/c/958e96533ddbd1edd127feb7624a7eed0cc379dc), 6.6.131 (commit 2bb9e9e93adff9cc8a138ae9a3a8d59b3452272e at https://git.kernel.org/stable/c/2bb9e9e93adff9cc8a138ae9a3a8d59b3452272e), 6.12.80 (commit fc34f199eb576b3a73089452fdf0056cc9a9301d at https://git.kernel.org/stable/c/fc34f199eb576b3a73089452fdf0056cc9a9301d), 6.18.21 (commit fd4cb61bbd0fc3a749a8da6145cbb56d8f6dba35 at https://git.kernel.org/stable/c/fd4cb61bbd0fc3a749a8da6145cbb56d8f6dba35), 6.19.11 (commit 3d33de353b1ff9023d5ec73b9becf80ea87af695 at https://git.kernel.org/stable/c/3d33de353b1ff9023d5ec73b9becf80ea87af695), and kernel 7.0. For systems where immediate kernel upgrade is not feasible and Intel DSA/IAA acceleration is not strictly required, unloading or blacklisting the idxd kernel module (echo 'blacklist idxd' >> /etc/modprobe.d/blacklist.conf) eliminates exposure entirely at the cost of losing hardware DMA offload functionality. For production systems where idxd is required, prioritize scheduling the kernel update and monitor for signs of resource exhaustion (kernel workqueue pool depletion) as a compensating detective control.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27362 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy