CVE-2026-31439

Vulnerability

Analysis

The vulnerability resides in the Xilinx XDMA driver within the Linux kernel. The function devm_regmap_init_mmio returns an ERR_PTR() on failure, not NULL. The original code incorrectly checked for a NULL pointer, which meant that error conditions leading to an ERR_PTR return were not properly handled. This oversight could cause the driver to proceed with an invalid regmap reference, potentially leading to undefined behavior or system instability [1].

Exploitation

Exploitation requires the ability to trigger an allocation failure within the kernel, such as by exhausting memory or malforming device initialization parameters. An attacker with local access and the capability to load or influence the Xilinx DMA driver's initialization sequence could provoke the error path. No authentication is needed beyond standard user privileges that allow interacting with the DMA subsystem [2].

Impact

If the error is not caught, the driver may use a corrupted or invalid regmap structure. This can lead to kernel memory corruption, system crashes (denial of service), or potentially privilege escalation if an attacker can control the invalid pointer to overwrite sensitive data. The CVSS v3 score of 5.5 (Medium) reflects the requirement for local access and the potential for high availability impact [3].

Mitigation

The fix involves replacing the incorrect NULL check with the proper IS_ERR() macro and using the error code from ERR_PTR() for the error message. Patches have been backported to stable kernel trees as of April 2026. Users should apply the latest stable updates from their kernel vendor [4].