CVE-2026-31436

CRITICAL

dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.

Scores

CVSS v3 9.8
EPSS 0.0046
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-476
Status published
Products (15)
linux/Kernel 6.13.0 - 6.18.21linux
linux/Kernel 6.19.0 - 6.19.11linux
linux/Kernel 6.8.0 - 6.12.80linux
Linux/Linux < 6.8
Linux/Linux 6.12.80 - 6.12.*
Linux/Linux 6.18.21 - 6.18.*
Linux/Linux 6.19.11 - 6.19.*
Linux/Linux 6.8
Linux/Linux 7.0
Linux/Linux aa8d18becc0c14aa3eb46d6d1b81450446e11b87 - 0e4f43779d550e559be13a5cdb763bad92c4cc99
... and 5 more
Published Apr 22, 2026
Tracked Since Apr 22, 2026