{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()",
    "id" : "2460678",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2460678"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-910",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc()\nAt the end of this function, d is the traversal cursor of flist, but the\ncode completes found instead. This can lead to issues such as NULL pointer\ndereferences, double completion, or descriptor leaks.\nFix this by completing d instead of found in the final\nlist_for_each_entry_safe() loop.", "A flaw was found in the Linux kernel's dmaengine subsystem, specifically within the idxd driver. This vulnerability occurs due to incorrect descriptor completion in the `llist_abort_desc()` function. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks, which can result in a denial of service." ],
  "statement" : "This issue affects Intel Data Streaming Accelerator (idxd) descriptor abort handling in the upstream kernel. A mistaken completion target can destabilize the device path and crash or hang the system under error recovery. Red Hat tracks the CVE against supported products and will ship the upstream fix through kernel errata. Scope is limited to systems with idxd hardware and the driver loaded.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31436\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31436\nhttps://lore.kernel.org/linux-cve-announce/2026042242-CVE-2026-31436-7ac7@gregkh/T" ],
  "name" : "CVE-2026-31436",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the idxd module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}