{"api_version":"1","generated_at":"2026-04-26T10:17:31+00:00","cve":"CVE-2026-31565","urls":{"html":"https://cve.report/CVE-2026-31565","api":"https://cve.report/api/cve/CVE-2026-31565.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31565","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31565"},"summary":{"title":"RDMA/irdma: Fix deadlock during netdev reset with active connections","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix deadlock during netdev reset with active connections\n\nResolve deadlock that occurs when user executes netdev reset while RDMA\napplications (e.g., rping) are active. The netdev reset causes ice\ndriver to remove irdma auxiliary driver, triggering device_delete and\nsubsequent client removal. During client removal, uverbs_client waits\nfor QP reference count to reach zero while cma_client holds the final\nreference, creating circular dependency and indefinite wait in iWARP\nmode. Skip QP reference count wait during device reset to prevent\ndeadlock.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-04-24 15:16:30","updated_at":"2026-04-24 17:51:40"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/009831768faeca3fb5950ce63f1b49594ec82389","name":"https://git.kernel.org/stable/c/009831768faeca3fb5950ce63f1b49594ec82389","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/acb060bc2609c2eab49263968be59c7d59d497bc","name":"https://git.kernel.org/stable/c/acb060bc2609c2eab49263968be59c7d59d497bc","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/464bbb844ba5b68e038220c34019069a0a9f1581","name":"https://git.kernel.org/stable/c/464bbb844ba5b68e038220c34019069a0a9f1581","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a8a1c7621127a15a02494b96ee376406c064237b","name":"https://git.kernel.org/stable/c/a8a1c7621127a15a02494b96ee376406c064237b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cd8bcec2de5e24e05c34c9391940fda6f50e79b4","name":"https://git.kernel.org/stable/c/cd8bcec2de5e24e05c34c9391940fda6f50e79b4","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6f52370970ac07d352a7af4089e55e0e6425f827","name":"https://git.kernel.org/stable/c/6f52370970ac07d352a7af4089e55e0e6425f827","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/adf0de36e52a48681eb58cbd7cbf6c8d200caa2b","name":"https://git.kernel.org/stable/c/adf0de36e52a48681eb58cbd7cbf6c8d200caa2b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31565","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31565","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 0b3c392b82cdf867808a8ea7c6760d3c7e6b6627 009831768faeca3fb5950ce63f1b49594ec82389 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 07322c8a12d6c796450faacb8be9e5e3c278ec84 adf0de36e52a48681eb58cbd7cbf6c8d200caa2b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8f304d75f6c6cc679a73f89591f9a915da38f09 acb060bc2609c2eab49263968be59c7d59d497bc git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8f304d75f6c6cc679a73f89591f9a915da38f09 a8a1c7621127a15a02494b96ee376406c064237b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8f304d75f6c6cc679a73f89591f9a915da38f09 cd8bcec2de5e24e05c34c9391940fda6f50e79b4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8f304d75f6c6cc679a73f89591f9a915da38f09 464bbb844ba5b68e038220c34019069a0a9f1581 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8f304d75f6c6cc679a73f89591f9a915da38f09 6f52370970ac07d352a7af4089e55e0e6425f827 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6ee53f82540769a6d6e77e40b901f9b9edfa5ff2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.4","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.4 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.168 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.131 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.80 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.21 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.11 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"31565","cve":"CVE-2026-31565","epss":"0.000240000","percentile":"0.068020000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/infiniband/hw/irdma/verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"009831768faeca3fb5950ce63f1b49594ec82389","status":"affected","version":"0b3c392b82cdf867808a8ea7c6760d3c7e6b6627","versionType":"git"},{"lessThan":"adf0de36e52a48681eb58cbd7cbf6c8d200caa2b","status":"affected","version":"07322c8a12d6c796450faacb8be9e5e3c278ec84","versionType":"git"},{"lessThan":"acb060bc2609c2eab49263968be59c7d59d497bc","status":"affected","version":"c8f304d75f6c6cc679a73f89591f9a915da38f09","versionType":"git"},{"lessThan":"a8a1c7621127a15a02494b96ee376406c064237b","status":"affected","version":"c8f304d75f6c6cc679a73f89591f9a915da38f09","versionType":"git"},{"lessThan":"cd8bcec2de5e24e05c34c9391940fda6f50e79b4","status":"affected","version":"c8f304d75f6c6cc679a73f89591f9a915da38f09","versionType":"git"},{"lessThan":"464bbb844ba5b68e038220c34019069a0a9f1581","status":"affected","version":"c8f304d75f6c6cc679a73f89591f9a915da38f09","versionType":"git"},{"lessThan":"6f52370970ac07d352a7af4089e55e0e6425f827","status":"affected","version":"c8f304d75f6c6cc679a73f89591f9a915da38f09","versionType":"git"},{"status":"affected","version":"6ee53f82540769a6d6e77e40b901f9b9edfa5ff2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/infiniband/hw/irdma/verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.4"},{"lessThan":"6.4","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.168","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.131","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.80","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.21","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.11","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"5.15.116","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.168","versionStartIncluding":"6.1.33","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.131","versionStartIncluding":"6.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.80","versionStartIncluding":"6.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.21","versionStartIncluding":"6.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.11","versionStartIncluding":"6.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.7","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix deadlock during netdev reset with active connections\n\nResolve deadlock that occurs when user executes netdev reset while RDMA\napplications (e.g., rping) are active. The netdev reset causes ice\ndriver to remove irdma auxiliary driver, triggering device_delete and\nsubsequent client removal. During client removal, uverbs_client waits\nfor QP reference count to reach zero while cma_client holds the final\nreference, creating circular dependency and indefinite wait in iWARP\nmode. Skip QP reference count wait during device reset to prevent\ndeadlock."}],"providerMetadata":{"dateUpdated":"2026-04-24T14:35:46.006Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/009831768faeca3fb5950ce63f1b49594ec82389"},{"url":"https://git.kernel.org/stable/c/adf0de36e52a48681eb58cbd7cbf6c8d200caa2b"},{"url":"https://git.kernel.org/stable/c/acb060bc2609c2eab49263968be59c7d59d497bc"},{"url":"https://git.kernel.org/stable/c/a8a1c7621127a15a02494b96ee376406c064237b"},{"url":"https://git.kernel.org/stable/c/cd8bcec2de5e24e05c34c9391940fda6f50e79b4"},{"url":"https://git.kernel.org/stable/c/464bbb844ba5b68e038220c34019069a0a9f1581"},{"url":"https://git.kernel.org/stable/c/6f52370970ac07d352a7af4089e55e0e6425f827"}],"title":"RDMA/irdma: Fix deadlock during netdev reset with active connections","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31565","datePublished":"2026-04-24T14:35:46.006Z","dateReserved":"2026-03-09T15:48:24.117Z","dateUpdated":"2026-04-24T14:35:46.006Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-24 15:16:30","lastModifiedDate":"2026-04-24 17:51:40","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31565","Ordinal":"1","Title":"RDMA/irdma: Fix deadlock during netdev reset with active connect","CVE":"CVE-2026-31565","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31565","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix deadlock during netdev reset with active connections\n\nResolve deadlock that occurs when user executes netdev reset while RDMA\napplications (e.g., rping) are active. The netdev reset causes ice\ndriver to remove irdma auxiliary driver, triggering device_delete and\nsubsequent client removal. During client removal, uverbs_client waits\nfor QP reference count to reach zero while cma_client holds the final\nreference, creating circular dependency and indefinite wait in iWARP\nmode. Skip QP reference count wait during device reset to prevent\ndeadlock.","Type":"Description","Title":"RDMA/irdma: Fix deadlock during netdev reset with active connect"}]}}}