CVE-2026-31436

EPSS 0.06%
Veröffentlicht 22.04.2026 14:16:36
Zuletzt bearbeitet 27.04.2026 14:16:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()

At the end of this function, d is the traversal cursor of flist, but the
code completes found instead. This can lead to issues such as NULL pointer
dereferences, double completion, or descriptor leaks.

Fix this by completing d instead of found in the final
list_for_each_entry_safe() loop.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version aa8d18becc0c14aa3eb46d6d1b81450446e11b87

Version < e21da2ad8844585040fe4b82be1ad2fe99d40074

Status affected

Version aa8d18becc0c14aa3eb46d6d1b81450446e11b87

Version < 82656e8daf8de00935ae91b91bed43f4d6e0d644

Status affected

Version aa8d18becc0c14aa3eb46d6d1b81450446e11b87

Version < 0e4f43779d550e559be13a5cdb763bad92c4cc99

Status affected

Version aa8d18becc0c14aa3eb46d6d1b81450446e11b87

Version < e1c9866173c5f8521f2d0768547a01508cb9ff27

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.8

Status affected

Version 0

Version < 6.8

Status unaffected

Version <= 6.12.*

Version 6.12.80

Status unaffected

Version <= 6.18.*

Version 6.18.21

Status unaffected

Version <= 6.19.*

Version 6.19.11

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99

https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644

https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27

https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074

https://nvd.nist.gov/vuln/detail/CVE-2026-31436

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31436

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31436

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31436