CVE-2026-31436
Published: Apr 22, 2026
Modified: May 11, 2026
CVSS v3.1
9.8
Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected aa8d18becc0c14aa3eb46d6d1b81450446e11b87 - < e21da2ad8844585040fe4b82be1ad2fe99d40074affected aa8d18becc0c14aa3eb46d6d1b81450446e11b87 - < 82656e8daf8de00935ae91b91bed43f4d6e0d644affected aa8d18becc0c14aa3eb46d6d1b81450446e11b87 - < 0e4f43779d550e559be13a5cdb763bad92c4cc99affected aa8d18becc0c14aa3eb46d6d1b81450446e11b87 - < e1c9866173c5f8521f2d0768547a01508cb9ff27 |
Linux | Linux | affected 6.8unaffected 0 - < 6.8unaffected 6.12.80 - <= 6.12.*unaffected 6.18.21 - <= 6.18.*unaffected 6.19.11 - <= 6.19.*+1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now