CVE-2026-31440
Description
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix leaking event log memory
During the device remove process, the device is reset, causing the configuration registers to go back to their default state, which is zero. As the driver is checking if the event log support was enabled before deallocating, it will fail if a reset happened before.
Do not check if the support was enabled, the check for 'idxd->evl' being valid (only allocated if the HW capability is available) is enough.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's idxd driver occurs during device removal because a reset clears configuration registers, causing the event log deallocation check to fail.
Vulnerability
Description
In the Linux kernel's idxd DMA engine driver, a memory leak occurs during device removal. When the device is removed, a reset is performed, which returns configuration registers to their default state (zero). The driver's cleanup code checks whether event log support was enabled by reading a configuration register; after the reset, this register reads zero, causing the driver to skip deallocating the event log memory. This results in a memory leak because the allocated memory for the event log is never freed [1][2][3][4].
Exploitation
The vulnerability is triggered during normal device removal operations, such as unbinding the driver or hot-unplugging the device. An attacker who can repeatedly trigger device removal (e.g., through physical access or by exploiting other vulnerabilities that cause device removal) could cause the kernel to leak memory each time. No authentication or special privileges are required beyond the ability to remove the device, making this a potential denial-of-service vector.
Impact
The primary impact is a kernel memory leak. Over time, repeated device removal events can exhaust kernel memory, leading to system instability, resource exhaustion, and ultimately a denial-of-service condition. The CVSS v3 score of 5.5 (Medium) reflects this limited but tangible impact.
Mitigation
The fix removes the faulty check on the configuration register and instead relies on the idxd->evl pointer being non-NULL, which is only set if the hardware actually supports the event log feature. This ensures that the event log memory is always deallocated when it was previously allocated. The patch has been applied to multiple stable kernel branches as seen in the referenced commits [1][2][3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.4,<6.12.80
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- git.kernel.org/stable/c/9dfa00967e6ef43a9dd0887fe5c3a721a39da92envdPatch
- git.kernel.org/stable/c/d94f9b0ba28a205caf95902ee88b42bdb8af83d0nvdPatch
- git.kernel.org/stable/c/ee66bc29578391c9b48523dc9119af67bd5c7c0fnvdPatch
- git.kernel.org/stable/c/facd0012708e942fc12890708738aebde497564envdPatch
- git.kernel.org/stable/c/695b491dc3f20365fd5821f22e25dbe3c1c20cbcnvd
News mentions
0No linked articles in our index yet.