VDB

CVE-2026-31436

CVE-2026-31436 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.

EPSS 0.07% · 20.5th percentile

Risk Scores

EPSS Score
0.07%
20.5th percentile

Affected Products

VendorProductVersions
linuxlinux_kernel6.8, 6.8, 6.8
LinuxLinuxaa8d18becc0c14aa3eb46d6d1b81450446e11b87, aa8d18becc0c14aa3eb46d6d1b81450446e11b87, aa8d18becc0c14aa3eb46d6d1b81450446e11b87

Timeline

  • Apr 22, 2026 CVE Published
  • Apr 23, 2026 Security Advisory
  • Apr 27, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

…and 50 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›