What is GHSA-j9j9-688w-mvpv?

GHSA-j9j9-688w-mvpv is a security advisory published by GitHub Security Advisories with Critical severity. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix...

Which CVE IDs does GHSA-j9j9-688w-mvpv cover?

GHSA-j9j9-688w-mvpv covers the following CVE IDs: CVE-2026-31436. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-j9j9-688w-mvpv?

GHSA-j9j9-688w-mvpv has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-j9j9-688w-mvpvCriticalCVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix...

Vendor

GitHub Security Advisories

Published

April 22, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-31436 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer dereferences, double completion, or descriptor leaks. Fix this by completing d instead of found in the final list_for_each_entry_safe() loop.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-31436
https://git.kernel.org/stable/c/0e4f43779d550e559be13a5cdb763bad92c4cc99
https://git.kernel.org/stable/c/82656e8daf8de00935ae91b91bed43f4d6e0d644
https://git.kernel.org/stable/c/e1c9866173c5f8521f2d0768547a01508cb9ff27
https://git.kernel.org/stable/c/e21da2ad8844585040fe4b82be1ad2fe99d40074
https://github.com/advisories/GHSA-j9j9-688w-mvpv