{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31442", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.090Z", "datePublished": "2026-04-22T13:53:39.895Z", "dateUpdated": "2026-04-22T13:53:39.895Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:53:39.895Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/init.c"], "versions": [{"version": "98d187a989036096feaa2fef1ec3b2240ecdeacf", "lessThan": "504c0e6751001ac46917c73e703f2b1b92cfc026", "status": "affected", "versionType": "git"}, {"version": "98d187a989036096feaa2fef1ec3b2240ecdeacf", "lessThan": "867d0c801f21370d561420fa32f2ea1a7dc3a22d", "status": "affected", "versionType": "git"}, {"version": "98d187a989036096feaa2fef1ec3b2240ecdeacf", "lessThan": "d6077df7b75d26e4edf98983836c05d00ebabd8d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/init.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026"}, {"url": "https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d"}, {"url": "https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d"}], "title": "dmaengine: idxd: Fix possible invalid memory access after FLR", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes."}], "id": "CVE-2026-31442", "lastModified": "2026-04-22T14:16:37.703", "metrics": {}, "published": "2026-04-22T14:16:37.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: dmaengine: idxd: Fix possible invalid memory access after FLR", "id": "2460680", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460680"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's dmaengine: idxd component. During a Function Level Reset (FLR), if the system fails to allocate the scratch area for saved configuration after a successful initial reset, it can lead to an invalid memory access. This vulnerability could result in system instability or denial of service."], "name": "CVE-2026-31442", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31442\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31442\nhttps://lore.kernel.org/linux-cve-announce/2026042244-CVE-2026-31442-dece@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": ["*"], "status": "affected", "versions": {"scheme": "code_commit", "value": "[98d187a989036096feaa2fef1ec3b2240ecdeacf,504c0e6751001ac46917c73e703f2b1b92cfc026)"}}, {"platform": ["*"], "status": "affected", "versions": {"scheme": "code_commit", "value": "[98d187a989036096feaa2fef1ec3b2240ecdeacf,867d0c801f21370d561420fa32f2ea1a7dc3a22d)"}}, {"platform": ["*"], "status": "affected", "versions": {"scheme": "code_commit", "value": "[98d187a989036096feaa2fef1ec3b2240ecdeacf,d6077df7b75d26e4edf98983836c05d00ebabd8d)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": ["*"], "status": "affected", "versions": {"scheme": "generic", "value": "6.14"}}, {"platform": ["*"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.14)"}}, {"platform": ["*"], "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": ["*"], "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": ["*"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T19:14:18.074271+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the patch that clears the scratch area after an FLR", "Verify that the specific commit hashes (e.g., 504c0e6, 867d0c8, d6077df) are present in the kernel source to ensure the fix is applied", "If a kernel update is not immediately possible, refrain from performing Function Level Resets on idxd devices until the issue is resolved"], "summary": {"action": "Apply patch", "impact": "Kernel memory corruption / crash"}, "threat_synthesis": {"affected_systems": "This vulnerability affects any system running the Linux kernel that includes the idxd dmaengine driver, which is common on platforms that provide Intel Data Plane Acceleration (DPA) infrastructure. The discrepancy is limited to kernels that have not been updated to include the corrective changes. No specific kernel version is listed, so all kernels using the vulnerable driver path are at risk until the patch is applied.", "description_and_impact": "A flaw in the idxd dmaengine driver can trigger an invalid memory access when a second Function Level Reset (FLR) fails to allocate its scratch area, after a successful first FLR. The driver does not set the deallocated scratch area to NULL, leaving a dangling reference that may be dereferenced during the FLR process, potentially leading to a kernel memory corruption or crash.", "risk_and_exploitability": "Because the flaw resides in a kernel driver, exploitation would likely require local privileged access or the ability to trigger a Function Level Reset via a device interface. A successful exploitation could cause a kernel panic or memory corruption, leading to denial of service or, if memory corruption is leveraged, escalation of privileges. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog, suggesting that active exploitation is not widely reported at this time. Nevertheless, the high impact of a kernel crash warrants immediate attention."}}}}, "created": "2026-04-22T16:45:21.256051+00:00", "updated": "2026-04-22T19:15:24.486508+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-476", "CWE-416"]}