CVE-2026-31441
Description
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix memory leak when a wq is reset
idxd_wq_disable_cleanup() which is called from the reset path for a workqueue, sets the wq type to NONE, which for other parts of the driver mean that the wq is empty (all its resources were released).
Only set the wq type to NONE after its resources are released.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's idxd driver, a memory leak occurs when resetting a workqueue because the workqueue type is set to NONE before its resources are released.
Vulnerability
In the Linux kernel's idxd DMA engine driver, a memory leak vulnerability exists in the workqueue (wq) reset path. The function idxd_wq_disable_cleanup() sets the workqueue type to NONE before releasing its resources, causing a leak [1]. This means that after a reset, the memory allocated for the wq is never freed.
Exploitation
The vulnerability can be triggered by resetting a workqueue, which is a routine operation that may be performed by local users with sufficient privileges or through driver interactions. No external network access is required.
Impact
An attacker who can repeatedly cause wq resets may exhaust system memory over time, potentially leading to denial of service (DoS) due to out-of-memory conditions.
Mitigation
The fix ensures the workqueue type is set to NONE only after all resources are released. The patch has been backported to stable kernel trees [1]; users should update to the latest kernel version provided by their distribution.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.7.10,<5.8
- cpe:2.3:o:linux:linux_kernel:5.8:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.8:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.8:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/0c3d3ac57e3c52b570b8c695903306bff07e04c8nvdPatch
- git.kernel.org/stable/c/39c1504e0e76bcfb93991fd94288a83e05d13b51nvdPatch
- git.kernel.org/stable/c/54d77cc0c40ca2f894859dc7b3c52997574f1a2anvdPatch
- git.kernel.org/stable/c/a16098a2f0c11ee5e04e23aa7478ca1fcfb0f658nvdPatch
- git.kernel.org/stable/c/a9e7815d38629bcf59d3005001f1f315424a58denvdPatch
- git.kernel.org/stable/c/d9cfb5193a047a92a4d3c0e91ea4cc87c8f7c478nvdPatch
News mentions
0No linked articles in our index yet.