CVE-2026-31440
Memory Leak in Linux Kernel dmaengine idxd Driver on Device Removal
Publication date: 2026-04-22
Last updated on: 2026-04-22
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved in the Linux kernel by fixing the dmaengine idxd driver to avoid leaking event log memory during device removal.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's dmaengine idxd driver. During the device removal process, the device is reset, which causes its configuration registers to revert to their default zero state. The driver attempts to check if event log support was enabled before deallocating memory related to the event log. However, if a reset occurred before this check, the verification fails, leading to a memory leak of the event log.
The fix involves removing the check for whether event log support was enabled and instead only verifying if the event log pointer is valid, which is sufficient because it is only allocated if the hardware capability exists.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel's dmaengine idxd driver during device removal. Over time, this memory leak could cause increased memory usage, potentially leading to system instability or degraded performance.