PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31440 Linux CVE debrief

CVE-2026-31440 is a Linux kernel availability issue in the dmaengine idxd driver. NVD describes a memory leak in event log handling during device removal: if the device is reset before it is removed, its configuration registers return to their default zero values, the driver's pre-free support check fails, and the event log memory allocated earlier is never freed. The published fix drops that fragile support check and frees based on the event log allocation state instead. NVD rates the issue MEDIUM (CVSS 5.5) and models it as a local, low-privilege availability impact.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-22
Original CVE updated: 2026-05-17
Advisory published: 2026-04-22
Advisory updated: 2026-05-17

Who should care

Linux kernel maintainers, distro security teams, and operators running systems that load the idxd driver (the dmaengine driver for Intel data accelerators) should care, especially where device reset and removal are part of normal administration or hot-plug workflows. Hosts on the affected kernel ranges should be updated promptly: each reset-then-remove cycle can leak kernel memory, and repeated cycles degrade availability.

Technical summary

The vulnerability is a CWE-401 resource leak in the Linux kernel's idxd driver. During device removal, the device is reset and its configuration registers revert to zero. The buggy cleanup logic checked whether the device still reported event-log support before freeing memory; after a reset that check fails even though event-log memory had been allocated earlier, so the remove path skips the free and the memory is leaked. Because the memory belongs to the kernel rather than to a process, it is not reclaimed when anything exits and stays lost until reboot. The root cause is a cleanup decision keyed on device-reported state, which hardware can change underneath the driver, instead of on driver-owned allocation state, which cannot; the fix switches to the latter. NVD's affected-version criteria include Linux kernel 6.4 before 6.12.80, 6.13 before 6.18.21, 6.19 before 6.19.11, and 7.0 release candidates rc1 through rc5.
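The failure pattern NVD describes, reduced to a user-space C model. This is an added example written for this debrief, not code from the kernel's idxd driver: the register bit, the struct and function names, and the 4096-byte buffer size are assumptions, not the real idxd layout. It contrasts a remove path gated on the device-reported support bit (which a reset zeroes) with one gated on the driver's own allocation state, and reports how many bytes each leaves allocated after a probe/reset/remove cycle.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the register bit that advertises event-log
 * support. Real idxd register names and bit positions are not reproduced. */
#define EVL_SUPPORTED_BIT   (1u << 0)
#define EVL_BUF_BYTES       4096u   /* assumed buffer size for the demo */

struct demo_dev {
    uint32_t cfg_reg;   /* configuration register; a reset returns it to 0 */
    void    *evl_buf;   /* event-log memory allocated when support is seen */
    size_t   evl_len;   /* 0 when nothing is allocated */
};

/* Probe: read the capability bit and allocate the event log if present. */
static void demo_probe(struct demo_dev *d, bool hw_supports_evl)
{
    d->cfg_reg = hw_supports_evl ? EVL_SUPPORTED_BIT : 0;
    d->evl_buf = NULL;
    d->evl_len = 0;
    if (d->cfg_reg & EVL_SUPPORTED_BIT) {
        d->evl_buf = malloc(EVL_BUF_BYTES);
        if (d->evl_buf)
            d->evl_len = EVL_BUF_BYTES;
    }
}

/* Reset: the device's configuration registers go back to their default
 * zero values. The driver's software state (evl_buf) is untouched. */
static void demo_reset(struct demo_dev *d)
{
    d->cfg_reg = 0;
}

/* Buggy remove path: gate the free on the support bit. After a reset the
 * bit reads 0, so the buffer allocated at probe time is never freed. */
static void demo_remove_buggy(struct demo_dev *d)
{
    if (d->cfg_reg & EVL_SUPPORTED_BIT) {
        free(d->evl_buf);
        d->evl_buf = NULL;
        d->evl_len = 0;
    }
}

/* Fixed remove path: gate the free on allocation state, which is owned
 * by the driver and cannot be changed by a hardware reset. */
static void demo_remove_fixed(struct demo_dev *d)
{
    if (d->evl_buf) {
        free(d->evl_buf);
        d->evl_buf = NULL;
        d->evl_len = 0;
    }
}

/* Run one probe/(reset)/remove cycle and report how many bytes are still
 * allocated afterwards, i.e. the leak for that cycle. The leftover buffer
 * is released before returning so the demo itself does not leak. */
size_t leaked_bytes_after_remove(bool reset_before_remove, bool use_fixed_path)
{
    struct demo_dev d;
    size_t leaked;

    demo_probe(&d, true);
    if (reset_before_remove)
        demo_reset(&d);
    if (use_fixed_path)
        demo_remove_fixed(&d);
    else
        demo_remove_buggy(&d);

    leaked = d.evl_len;      /* nonzero only if the free was skipped */
    free(d.evl_buf);         /* demo cleanup; not part of the pattern */
    return leaked;
}

int main(void)
{
    printf("no reset, buggy check: %zu bytes leaked\n", leaked_bytes_after_remove(false, false));
    printf("reset,    buggy check: %zu bytes leaked\n", leaked_bytes_after_remove(true,  false));
    printf("no reset, fixed check: %zu bytes leaked\n", leaked_bytes_after_remove(false, true));
    printf("reset,    fixed check: %zu bytes leaked\n", leaked_bytes_after_remove(true,  true));
    return 0;
}
```

Only the reset-then-remove cycle through the buggy path leaks; without the reset the support bit still reads as set and the buggy check happens to work, which is why the defect survived until that ordering was exercised. The general rule the fix applies is to free whatever you allocated, tracked in state you own, never conditioned on what the hardware currently reports.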

Defensive priority

Medium priority. The issue is not rated critical, but it consumes kernel memory that is not reclaimed until reboot, and fixes are available in the referenced upstream and stable releases. Apply the kernel update promptly on affected builds, particularly where idxd is loaded or device reset and remove operations occur in production.

Recommended defensive actions

  • Upgrade to a kernel version that includes the referenced fix commits from the official kernel stable tree. Distribution kernels often carry backported fixes under an older version string, so confirm the fix through the distro advisory or package changelog rather than the version number alone.
  • Identify whether your fleet loads the idxd driver or otherwise uses the related dmaengine functionality, and prioritize those hosts for remediation.
  • Review systems on the affected ranges listed by NVD: 6.4 to before 6.12.80, 6.13 to before 6.18.21, 6.19 to before 6.19.11, and 7.0 rc1 through rc5.
  • Until patched, monitor affected hosts for kernel memory growth that does not track workload and for repeated device reset or removal activity. Leaked kernel memory is not attributed to any process, so look at kernel-side counters (for example in /proc/meminfo) rather than process memory.
  • If immediate upgrading is not possible, avoid unnecessary device reset and remove operations on affected systems where operationally feasible.
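A triage helper that classifies a kernel release string against the NVD ranges above. This is an added example for this debrief, not a PatchSiren or kernel.org tool; the function names are ours and the sample release strings in main() are constructed. It treats a release as later than any of its rc builds, and it only tells you whether the upstream version number falls in an affected range: a distribution kernel carrying a backported fix under an older version string will still be flagged, so confirm against the vendor advisory before acting on the result.

```c
#include <stdio.h>
#include <string.h>

/* Parsed kernel release. rc is 0 for a final release, N for "-rcN". */
struct kver { int major, minor, patch, rc; };

/* Parse strings such as "6.12.79", "6.4", "7.0.0-rc3", "6.18.20-generic".
 * Returns 1 on success, 0 if the string does not start with "X.Y". */
int parse_kver(const char *s, struct kver *v)
{
    const char *rc;
    int n;

    v->major = v->minor = v->patch = v->rc = 0;
    n = sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch);
    if (n < 2)
        return 0;
    rc = strstr(s, "-rc");
    if (rc && sscanf(rc + 3, "%d", &v->rc) != 1)
        v->rc = 0;
    return 1;
}

/* Compare v against (maj.min.pat, rc). A final release (rc == 0) sorts
 * after every rc of the same version, so 7.0-rc5 < 7.0. */
static int kver_cmp(const struct kver *v, int maj, int min, int pat, int rc)
{
    int vk = v->rc ? v->rc : 1000;   /* 1000: "after any rc" sentinel */
    int bk = rc ? rc : 1000;

    if (v->major != maj) return v->major - maj;
    if (v->minor != min) return v->minor - min;
    if (v->patch != pat) return v->patch - pat;
    return vk - bk;
}

/* 1 if the release falls inside an NVD-listed affected range for
 * CVE-2026-31440, 0 if outside, -1 if the string could not be parsed. */
int in_nvd_affected_range(const char *release)
{
    struct kver v;

    if (!parse_kver(release, &v))
        return -1;
    /* 6.4 <= v < 6.12.80 */
    if (kver_cmp(&v, 6, 4, 0, 0) >= 0 && kver_cmp(&v, 6, 12, 80, 0) < 0)
        return 1;
    /* 6.13 <= v < 6.18.21 */
    if (kver_cmp(&v, 6, 13, 0, 0) >= 0 && kver_cmp(&v, 6, 18, 21, 0) < 0)
        return 1;
    /* 6.19 <= v < 6.19.11 */
    if (kver_cmp(&v, 6, 19, 0, 0) >= 0 && kver_cmp(&v, 6, 19, 11, 0) < 0)
        return 1;
    /* 7.0-rc1 through 7.0-rc5 (uname reports these as 7.0.0-rcN) */
    if (v.major == 7 && v.minor == 0 && v.patch == 0 && v.rc >= 1 && v.rc <= 5)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed samples of what `uname -r` might print on various hosts. */
    const char *samples[] = { "6.12.79", "6.12.80", "6.18.20-generic",
                              "6.19.11", "7.0.0-rc3", "7.0.0-rc6", "6.3.9" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = in_nvd_affected_range(samples[i]);
        printf("%-18s %s\n", samples[i],
               r == 1 ? "in NVD affected range" :
               r == 0 ? "outside NVD range" : "unparseable");
    }
    return 0;
}
```

On a live host, feed the output of `uname -r` into in_nvd_affected_range(); a result of 1 means "investigate", not "vulnerable", until the distro's patch status for that build is confirmed.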

Evidence notes

This debrief is based on the supplied CVE description and NVD metadata only. The source corpus states that the defect occurs during device removal after a reset returns the configuration registers to zero, so that cleanup, which checks the device's support state instead of the driver's allocation state, fails to free the event log memory. NVD classifies the weakness as CWE-401 and provides the affected kernel version ranges and official kernel patch references. No exploit details or unsupported impact claims are included.

Official resources

NVD published the CVE on 2026-04-22 and last modified it on 2026-05-17. This debrief uses those dates for timing context and treats the later modification as a record update, not as the original issue date.