{"api_version":"1","generated_at":"2026-05-03T12:42:28+00:00","cve":"CVE-2026-31743","urls":{"html":"https://cve.report/CVE-2026-31743","api":"https://cve.report/api/cve/CVE-2026-31743.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31743","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31743"},"summary":{"title":"nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. use correct buffer size in dma_alloc_coherent\nand memcpy.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-01 15:16:37","updated_at":"2026-05-03 07:16:19"},"problem_types":[],"metrics":[{"version":"3.1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://git.kernel.org/stable/c/f9b88613ff402aa6fe8fd020573cb95867ae947e","name":"https://git.kernel.org/stable/c/f9b88613ff402aa6fe8fd020573cb95867ae947e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087","name":"https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6c01e7f11f5e5f22285d19510a9643e2506e13c3","name":"https://git.kernel.org/stable/c/6c01e7f11f5e5f22285d19510a9643e2506e13c3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/2f6e5b9964d0a63a5ba84fca2642876afb70a662","name":"https://git.kernel.org/stable/c/2f6e5b9964d0a63a5ba84fca2642876afb70a662","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31743","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31743","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 737c0c8d07b5f671c0a33cec95965fcb2d2ea893 2f6e5b9964d0a63a5ba84fca2642876afb70a662 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 737c0c8d07b5f671c0a33cec95965fcb2d2ea893 784ed4abded1ca4b525fa4cade8b02f8c5d2a087 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 737c0c8d07b5f671c0a33cec95965fcb2d2ea893 6c01e7f11f5e5f22285d19510a9643e2506e13c3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 737c0c8d07b5f671c0a33cec95965fcb2d2ea893 f9b88613ff402aa6fe8fd020573cb95867ae947e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.9","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.9 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.81 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.22 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.12 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"31743","cve":"CVE-2026-31743","epss":"0.000180000","percentile":"0.046600000","score_date":"2026-05-02","updated_at":"2026-05-03 00:00:23"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/nvmem/zynqmp_nvmem.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"2f6e5b9964d0a63a5ba84fca2642876afb70a662","status":"affected","version":"737c0c8d07b5f671c0a33cec95965fcb2d2ea893","versionType":"git"},{"lessThan":"784ed4abded1ca4b525fa4cade8b02f8c5d2a087","status":"affected","version":"737c0c8d07b5f671c0a33cec95965fcb2d2ea893","versionType":"git"},{"lessThan":"6c01e7f11f5e5f22285d19510a9643e2506e13c3","status":"affected","version":"737c0c8d07b5f671c0a33cec95965fcb2d2ea893","versionType":"git"},{"lessThan":"f9b88613ff402aa6fe8fd020573cb95867ae947e","status":"affected","version":"737c0c8d07b5f671c0a33cec95965fcb2d2ea893","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/nvmem/zynqmp_nvmem.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.9"},{"lessThan":"6.9","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.81","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.22","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.12","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.81","versionStartIncluding":"6.9","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.22","versionStartIncluding":"6.9","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.12","versionStartIncluding":"6.9","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.9","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. use correct buffer size in dma_alloc_coherent\nand memcpy."}],"metrics":[{"cvssV3_1":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"providerMetadata":{"dateUpdated":"2026-05-03T05:45:44.831Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/2f6e5b9964d0a63a5ba84fca2642876afb70a662"},{"url":"https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087"},{"url":"https://git.kernel.org/stable/c/6c01e7f11f5e5f22285d19510a9643e2506e13c3"},{"url":"https://git.kernel.org/stable/c/f9b88613ff402aa6fe8fd020573cb95867ae947e"}],"title":"nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31743","datePublished":"2026-05-01T14:14:38.154Z","dateReserved":"2026-03-09T15:48:24.138Z","dateUpdated":"2026-05-03T05:45:44.831Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-01 15:16:37","lastModifiedDate":"2026-05-03 07:16:19","problem_types":[],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31743","Ordinal":"1","Title":"nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy","CVE":"CVE-2026-31743","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31743","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. use correct buffer size in dma_alloc_coherent\nand memcpy.","Type":"Description","Title":"nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy"}]}}}