CVE-2026-31493
Received Received - Intake
Use-After-Free Vulnerability in Linux Kernel RDMA EFA Component

Publication date: 2026-04-22

Last updated on: 2026-04-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we print data from the completion context. The issue is that we already freed the completion context in polling/interrupts handler which means we print data from context in an unknown state (it might be already used again). Change the admin submission flow so alloc/dealloc of the context will be symmetric and dealloc will be called after any potential use of the context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31493
EUVD
EUVD-2026-24863
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.12
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 5.12.1 (inc) to 6.18.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/efa component related to admin queue completion handling. When an admin command completes with an error, the system attempts to print data from the completion context. However, the completion context has already been freed in the polling or interrupts handler, meaning the data being printed may come from a context that is in an unknown or reused state. This can lead to incorrect or unpredictable behavior.

The fix involves changing the admin submission flow so that allocation and deallocation of the completion context are symmetric, ensuring that deallocation happens only after the context is no longer needed.

Impact Analysis

This vulnerability can cause the system to access and print data from a freed completion context, which may lead to unpredictable behavior or data corruption. Since the context might be reused, this could potentially expose stale or incorrect data, possibly affecting system stability or reliability.

Mitigation Strategies

The vulnerability has been resolved by fixing the use of the completion context after it has been freed in the Linux kernel RDMA/efa component.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix, ensuring that the admin submission flow properly allocates and deallocates the completion context symmetrically.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31493. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart