CRITICAL🇵🇱 Wersja polska

CVE-2026-31436

CVSS 9.8v3.1pub. 2026-04-22upd. 2026-05-19

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.

🤖 AI Analysis
How it works

In the llist_abort_desc() function, the variable d serves as a cursor for iterating through the flist, however the code incorrectly calls completion on the variable found instead of on d. In the final list_for_each_entry_safe() loop, this causes an incorrect descriptor to be completed. This results in an inconsistent internal state of the DMA driver.

Impact

An attacker or malfunctioning code can lead to NULL pointer dereference, double completion of a descriptor, or resource leak, which in practice can result in system crash (kernel panic) or instability.

Mitigation & patch

Apply patches available from the vendor according to the references — specific fix commits are available at the addresses provided in the references section (git.kernel.org)

Who is affected

Linux kernel with dmaengine/idxd subsystem — versions indicated in the vendor references (commits in stable branches of the kernel.org repository)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    7.06.8 – 6.12.80 (bez)6.13 – 6.18.21 (bez)6.19 – 6.19.11 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...