{"api_version":"1","generated_at":"2026-04-28T16:41:39+00:00","cve":"CVE-2026-31442","urls":{"html":"https://cve.report/CVE-2026-31442","api":"https://cve.report/api/cve/CVE-2026-31442.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31442","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31442"},"summary":{"title":"dmaengine: idxd: Fix possible invalid memory access after FLR","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-04-22 14:16:37","updated_at":"2026-04-27 14:16:38"},"problem_types":[],"metrics":[{"version":"3.1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d","name":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026","name":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d","name":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31442","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31442","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 98d187a989036096feaa2fef1ec3b2240ecdeacf 504c0e6751001ac46917c73e703f2b1b92cfc026 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 98d187a989036096feaa2fef1ec3b2240ecdeacf 867d0c801f21370d561420fa32f2ea1a7dc3a22d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 98d187a989036096feaa2fef1ec3b2240ecdeacf d6077df7b75d26e4edf98983836c05d00ebabd8d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.14","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.14 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.21 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.11 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"31442","cve":"CVE-2026-31442","epss":"0.000170000","percentile":"0.040590000","score_date":"2026-04-27","updated_at":"2026-04-28 00:06:44"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/dma/idxd/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"504c0e6751001ac46917c73e703f2b1b92cfc026","status":"affected","version":"98d187a989036096feaa2fef1ec3b2240ecdeacf","versionType":"git"},{"lessThan":"867d0c801f21370d561420fa32f2ea1a7dc3a22d","status":"affected","version":"98d187a989036096feaa2fef1ec3b2240ecdeacf","versionType":"git"},{"lessThan":"d6077df7b75d26e4edf98983836c05d00ebabd8d","status":"affected","version":"98d187a989036096feaa2fef1ec3b2240ecdeacf","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/dma/idxd/init.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.14"},{"lessThan":"6.14","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.21","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.11","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.21","versionStartIncluding":"6.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.11","versionStartIncluding":"6.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.14","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes."}],"metrics":[{"cvssV3_1":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"providerMetadata":{"dateUpdated":"2026-04-27T14:03:09.016Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026"},{"url":"https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d"},{"url":"https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d"}],"title":"dmaengine: idxd: Fix possible invalid memory access after FLR","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31442","datePublished":"2026-04-22T13:53:39.895Z","dateReserved":"2026-03-09T15:48:24.090Z","dateUpdated":"2026-04-27T14:03:09.016Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-22 14:16:37","lastModifiedDate":"2026-04-27 14:16:38","problem_types":[],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31442","Ordinal":"1","Title":"dmaengine: idxd: Fix possible invalid memory access after FLR","CVE":"CVE-2026-31442","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31442","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible invalid memory access after FLR\n\nIn the case that the first Function Level Reset (FLR) concludes\ncorrectly, but in the second FLR the scratch area for the saved\nconfiguration cannot be allocated, it's possible for a invalid memory\naccess to happen.\n\nAlways set the deallocated scratch area to NULL after FLR completes.","Type":"Description","Title":"dmaengine: idxd: Fix possible invalid memory access after FLR"}]}}}