CVE-2026-31442

High

Published: 22 April 2026

Published

22 April 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 2.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31442 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the vulnerability by requiring timely application of Linux kernel patches that set the deallocated scratch area to NULL after FLR, preventing invalid memory access.

CM-7 Least Functionality good match

prevent

Minimizes functionality by disabling the unnecessary idxd DMA driver, eliminating the attack surface for the FLR-related invalid memory access in the Linux kernel.

SI-16 Memory Protection partial match

prevent

Implements kernel memory protections such as KASLR and SMEP to mitigate exploitation of the invalid memory access for corruption, denial of service, or privilege escalation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Local kernel memory corruption flaw directly enables exploitation for privilege escalation (T1068) and endpoint DoS via system exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset (FLR) concludes correctly, but in the second FLR the scratch area for…

the saved configuration cannot be allocated, it's possible for a invalid memory access to happen. Always set the deallocated scratch area to NULL after FLR completes.

Deeper analysisAI

CVE-2026-31442 is a vulnerability in the Linux kernel's dmaengine idxd driver that can lead to an invalid memory access. The issue arises when the first Function Level Reset (FLR) completes successfully, but during a subsequent FLR, the scratch area for the saved configuration cannot be allocated. This flaw was published on 2026-04-22 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing kernel memory corruption, denial of service, or privilege escalation.

Mitigation is provided through patches in the Linux kernel stable tree, as detailed in the referenced commits: https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026, https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d, and https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d. These patches ensure the deallocated scratch area is always set to NULL after FLR completion, preventing the invalid memory access.

Details

CWE(s): CWE-125

Affected Products

linux

linux kernel

7.0 · 6.14 — 6.18.21 · 6.19 — 6.19.11

CVEs Like This One

CVE-2026-31558Same product: Linux Linux Kernel

CVE-2025-21647Same product: Linux Linux Kernel

CVE-2026-31742Same product: Linux Linux Kernel

CVE-2026-23076Same product: Linux Linux Kernel

CVE-2026-31528Same product: Linux Linux Kernel

CVE-2025-71101Same product: Linux Linux Kernel

CVE-2024-57982Same product: Linux Linux Kernel

CVE-2026-31569Same product: Linux Linux Kernel

CVE-2025-71136Same product: Linux Linux Kernel

CVE-2026-23099Same product: Linux Linux Kernel

References

https://git.kernel.org/stable/c/504c0e6751001ac46917c73e703f2b1b92cfc026
Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/867d0c801f21370d561420fa32f2ea1a7dc3a22d
Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d6077df7b75d26e4edf98983836c05d00ebabd8d
Patch · 416baaa9-dc9f-4396-8d5f-8c081fb06d67