{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31443", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.090Z", "datePublished": "2026-04-22T13:53:40.616Z", "dateUpdated": "2026-04-22T13:53:40.616Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:53:40.616Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix crash when the event log is disabled\n\nIf reporting errors to the event log is not supported by the hardware,\nand an error that causes Function Level Reset (FLR) is received, the\ndriver will try to restore the event log even if it was not allocated.\n\nAlso, only try to free the event log if it was properly allocated."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/init.c"], "versions": [{"version": "6078a315aec15e0776fa90347cf4eba7478cdbd7", "lessThan": "aa0ffc6d3990ec35976308a068dc23178037e564", "status": "affected", "versionType": "git"}, {"version": "6078a315aec15e0776fa90347cf4eba7478cdbd7", "lessThan": "0e761079d653c25f838380cf7cef2730832110cc", "status": "affected", "versionType": "git"}, {"version": "6078a315aec15e0776fa90347cf4eba7478cdbd7", "lessThan": "52d2edea0d63c935e82631e4b9e4a94eccf97b5b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/init.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564"}, {"url": "https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc"}, {"url": "https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b"}], "title": "dmaengine: idxd: Fix crash when the event log is disabled", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix crash when the event log is disabled\n\nIf reporting errors to the event log is not supported by the hardware,\nand an error that causes Function Level Reset (FLR) is received, the\ndriver will try to restore the event log even if it was not allocated.\n\nAlso, only try to free the event log if it was properly allocated."}], "id": "CVE-2026-31443", "lastModified": "2026-04-22T14:16:37.860", "metrics": {}, "published": "2026-04-22T14:16:37.860", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e761079d653c25f838380cf7cef2730832110cc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/52d2edea0d63c935e82631e4b9e4a94eccf97b5b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aa0ffc6d3990ec35976308a068dc23178037e564"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: dmaengine: idxd: Fix crash when the event log is disabled", "id": "2460686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460686"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's dmaengine: idxd driver. When hardware does not support event logging and an error triggers a Function Level Reset (FLR), the driver attempts to restore or free an event log that was never allocated. This improper handling can lead to a system crash, resulting in a Denial of Service (DoS) for affected systems."], "name": "CVE-2026-31443", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31443\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31443\nhttps://lore.kernel.org/linux-cve-announce/2026042245-CVE-2026-31443-0b7d@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6078a315aec15e0776fa90347cf4eba7478cdbd7,aa0ffc6d3990ec35976308a068dc23178037e564)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6078a315aec15e0776fa90347cf4eba7478cdbd7,0e761079d653c25f838380cf7cef2730832110cc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6078a315aec15e0776fa90347cf4eba7478cdbd7,52d2edea0d63c935e82631e4b9e4a94eccf97b5b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T19:13:41.940555+00:00", "value": {"mitigation_remediation": ["Apply a recent Linux kernel release that includes the idxd de\u2011allocation fix (the patch that prevents restoration of a disabled event log).", "Configure the idxd driver or hardware to disable event logging when event logging is unsupported, ensuring the driver skips the restoration logic.", "After updating and configuration, conduct regression tests that simulate FLR errors to confirm the crash no longer occurs."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service (kernel crash)"}, "threat_synthesis": {"affected_systems": "All Linux kernel deployments that include the idxd driver are potentially affected, regardless of hardware configuration. The exact kernel versions are not specified, so any kernel build that incorporates the idxd driver without the recent patch may be vulnerable.", "description_and_impact": "The idxd driver in the Linux kernel crashes when it attempts to restore an event log that was never allocated, such as when the hardware does not support event logging. The crash occurs during handling of a Function Level Reset (FLR) error, leading to a kernel panic and a denial of service. The weakness involved is a null pointer dereference, resulting in an unhandled fault and loss of service.", "risk_and_exploitability": "The CVSS score is not provided, and the EPSS score is unavailable, so the quantitative risk is unknown. However, the vulnerability is a high\u2011impact kernel crash that typically requires a local privilege level to trigger. An attacker that can cause a FLR error in the hardware would force the kernel to attempt to restore an unallocated event log, leading to a crash. The CISA KEV status indicates the vulnerability is not listed as a known exploited vulnerability.\n\nBased on the description, the likely attack vector is a local, privileged attacker who can manipulate the hardware to generate an error that triggers the kernel crash. Remote exploitation is not explicitly supported by the provided data, and no condition for remote code execution is described.\n\nThe vulnerability remains a severe risk due to the potential for widespread kernel instability across affected Linux systems but the lack of public exploit evidence tempers immediate urgency. Nonetheless, applying the fixed driver code is the only definitive mitigation. "}}}}, "created": "2026-04-22T15:45:20.720748+00:00", "updated": "2026-04-22T19:15:24.484757+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-476"]}