CVE-2026-31436 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-22 | Updated 2026-04-27 | Assigner Linux

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status

unaffected

aa8d18becc0c14aa3eb46d6d1b81450446e11b87 (git) before e21da2ad8844585040fe4b82be1ad2fe99d40074

affected

aa8d18becc0c14aa3eb46d6d1b81450446e11b87 (git) before 82656e8daf8de00935ae91b91bed43f4d6e0d644

affected

aa8d18becc0c14aa3eb46d6d1b81450446e11b87 (git) before 0e4f43779d550e559be13a5cdb763bad92c4cc99

affected

aa8d18becc0c14aa3eb46d6d1b81450446e11b87 (git) before e1c9866173c5f8521f2d0768547a01508cb9ff27

affected

Default status

affected

6.8

affected

Any version before 6.8

unaffected

6.12.80 (semver)

unaffected

6.18.21 (semver)

unaffected

6.19.11 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/e21da2ad8844585040fe4b82be1ad2fe99d40074

git.kernel.org/...c/82656e8daf8de00935ae91b91bed43f4d6e0d644

git.kernel.org/...c/0e4f43779d550e559be13a5cdb763bad92c4cc99

git.kernel.org/...c/e1c9866173c5f8521f2d0768547a01508cb9ff27

cve.org (CVE-2026-31436)

nvd.nist.gov (CVE-2026-31436)

Download JSON

help @ threatint.eu