CVE-2026-31442
Analyzed Analyzed - Analysis Complete
Use-After-Free in Linux dmaengine idxd After FLR

Publication date: 2026-04-22

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset (FLR) concludes correctly, but in the second FLR the scratch area for the saved configuration cannot be allocated, it's possible for a invalid memory access to happen. Always set the deallocated scratch area to NULL after FLR completes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31442
EUVD
EUVD-2026-24772
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.14 (inc) to 6.18.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

An invalid memory access vulnerability can lead to system instability, crashes, or potential security risks such as privilege escalation or denial of service. In this case, if the scratch area is not properly handled after a Function Level Reset, it could cause the Linux kernel to access invalid memory, potentially affecting system reliability and security.

Executive Summary

This vulnerability exists in the Linux kernel's dmaengine idxd component. It involves a potential invalid memory access that can occur after a Function Level Reset (FLR). Specifically, if the first FLR completes successfully but the second FLR fails to allocate the scratch area for the saved configuration, an invalid memory access may happen. The fix involves always setting the deallocated scratch area to NULL after the FLR completes to prevent this issue.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the dmaengine idxd driver has the fix applied. This fix addresses the invalid memory access issue after Function Level Reset (FLR) by properly handling the scratch area allocation and setting it to NULL after FLR completes.

Applying the latest kernel patches or upgrading to a fixed kernel version is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31442. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart