CVE-2026-31743
Published: 01 May 2026
Summary
CVE-2026-31743 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, testing, and correction of the buffer size flaw in the zynqmp_nvmem driver via kernel patches to eliminate memory corruption risk.
Implements memory protections such as ASLR and non-executable memory to mitigate exploitation of the undersized DMA buffer access leading to kernel memory corruption.
Enforces secure configuration settings for the Linux kernel, including hardened parameters that reduce susceptibility to buffer sizing errors in drivers like zynqmp_nvmem.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption in zynqmp_nvmem driver (undersized DMA buffer) directly enables privilege escalation via exploitation of a software vulnerability, matching T1068.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory…
more
corruption. use correct buffer size in dma_alloc_coherent and memcpy.
Deeper analysisAI
CVE-2026-31743 is a vulnerability in the Linux kernel's zynqmp_nvmem NVMEM driver, where an incorrect buffer size is used during DMA allocation via dma_alloc_coherent and in memcpy operations. This error results in undersized DMA buffer access, potentially leading to memory corruption. The issue has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impacts on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows access to an undersized DMA buffer, enabling memory corruption that could facilitate privilege escalation, arbitrary code execution, or system crashes, depending on the attacker's capabilities and the system's configuration.
Mitigation involves applying the relevant Linux kernel patches, as detailed in the upstream commit references. These fixes correct the buffer size used in dma_alloc_coherent and memcpy operations within the zynqmp_nvmem driver, resolving the undersized buffer issue. Security practitioners should update affected kernel versions promptly via stable kernel releases incorporating commits such as 2f6e5b9964d0a63a5ba84fca2642876afb70a662, 6c01e7f11f5e5f22285d19510a9643e2506e13c3, 784ed4abded1ca4b525fa4cade8b02f8c5d2a087, and f9b88613ff402aa6fe8fd020573cb95867ae947e.
Details
- CWE(s)