{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31491", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.102Z", "datePublished": "2026-04-22T13:54:14.905Z", "dateUpdated": "2026-05-11T22:09:45.736Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:09:45.736Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Harden depth calculation functions\n\nAn issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size.\nThis can cause integer overflow and truncation of SQ/RQ/SRQ depth\nreturning a success when it should have failed.\n\nHarden the functions to do all depth calculations and boundary\nchecking in u64 sizes."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/uk.c"], "versions": [{"version": "563e1feb5f6ed579acb55850f1bbb831aecf645a", "lessThan": "3f08351de5ca4f2f724b86ad252fbc21289467e1", "status": "affected", "versionType": "git"}, {"version": "563e1feb5f6ed579acb55850f1bbb831aecf645a", "lessThan": "cbd852f5700eb3f64392452faf693ac45cae8281", "status": "affected", "versionType": "git"}, {"version": "563e1feb5f6ed579acb55850f1bbb831aecf645a", "lessThan": "e37afcb56ae070477741fe2d6e61fc0c542cce2d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/uk.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3f08351de5ca4f2f724b86ad252fbc21289467e1"}, {"url": "https://git.kernel.org/stable/c/cbd852f5700eb3f64392452faf693ac45cae8281"}, {"url": "https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d"}], "title": "RDMA/irdma: Harden depth calculation functions", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2E98868-4027-46EE-AD08-92C9D7283181", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.18.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*", "matchCriteriaId": "DCE57113-2223-4308-A0F2-5E6ECFBB3C23", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Harden depth calculation functions\n\nAn issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size.\nThis can cause integer overflow and truncation of SQ/RQ/SRQ depth\nreturning a success when it should have failed.\n\nHarden the functions to do all depth calculations and boundary\nchecking in u64 sizes."}], "id": "CVE-2026-31491", "lastModified": "2026-04-28T12:51:22.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:46.880", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f08351de5ca4f2f724b86ad252fbc21289467e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbd852f5700eb3f64392452faf693ac45cae8281"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e37afcb56ae070477741fe2d6e61fc0c542cce2d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: RDMA/irdma: Harden depth calculation functions", "id": "2460689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460689"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in the Linux kernel's RDMA/irdma component. A local attacker could exploit an integer overflow and truncation vulnerability when the operating system passes a maximum unsigned 32-bit integer (U32_MAX) for SQ/RQ/SRQ size. This can lead to the system incorrectly reporting a successful operation when it should have failed, potentially causing unexpected behavior or a denial of service."], "name": "CVE-2026-31491", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31491\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31491\nhttps://lore.kernel.org/linux-cve-announce/2026042201-CVE-2026-31491-e599@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[563e1feb5f6ed579acb55850f1bbb831aecf645a,3f08351de5ca4f2f724b86ad252fbc21289467e1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[563e1feb5f6ed579acb55850f1bbb831aecf645a,cbd852f5700eb3f64392452faf693ac45cae8281)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[563e1feb5f6ed579acb55850f1bbb831aecf645a,e37afcb56ae070477741fe2d6e61fc0c542cce2d)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T15:34:39.512199+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the RDMA/irdma depth calculation hardening patch", "Recompile the kernel with RDMA support disabled (CONFIG_RDMA set to n) if the patch is not yet available", "If RDMA must remain enabled, limit RDMA operations to trusted users and monitor kernel logs for abnormal queue depth errors"], "summary": {"action": "Apply Patch", "impact": "Integer overflow in RDMA depth calculations leading to incorrect queue depths"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the RDMA/irdma module and have not yet applied the hardening change are affected. No specific kernel version range is listed, so any RDMA/irdma\u2011enabled kernel revision released before the patch may be vulnerable. The vendor is Linux and the product is the Linux kernel.", "description_and_impact": "The Linux kernel\u2019s RDMA/irdma module performs queue depth calculations using 32\u2011bit arithmetic. When a user supplies the maximum 32\u2011bit unsigned value (U32_MAX) for send, receive, or shared receive queues, the computation overflows, truncating the depth and allowing the kernel to report success even though the allocation should have failed. The result is an inaccurate queue depth that can cause resource exhaustion or kernel instability, potentially leading to a denial of service.", "risk_and_exploitability": "An attacker must supply an RDMA request with an oversized depth value to trigger the overflow. The likely attack vector is local or from an RDMA application with elevated privileges, as the vulnerability requires an RDMA operation in kernel space; it is inferred that a network\u2011based vector is not supported by the description. The EPSS score of less than 1\u202f% and the lack of inclusion in CISA\u2019s KEV catalog imply a low probability of exploitation in the wild. Based on the CVSS score of 5.5, the vulnerability can cause moderate impact if exploited, but the overall risk is considered low unless the attacker has RDMA access."}}}}, "created": "2026-04-22T17:30:22.457337+00:00", "updated": "2026-04-28T15:45:06.373657+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}