{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31492", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.102Z", "datePublished": "2026-04-22T13:54:15.581Z", "dateUpdated": "2026-05-11T22:09:46.883Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:09:46.883Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet. Fix this\nby initializing the completion before the ib_copy_to_udata call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/verbs.c"], "versions": [{"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "ac1da7bd224d406b6f1b84414f0f652ab43b6bd8", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "af310407f79d5816fc0ab3638e1588b6193316dd", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "cd1534c8f4984432382c240f6784408497f5bb0a", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "3cb88c12461b71c7d9c604aa2e6a9a477ecfa147", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "f72996834f7bdefc2b95e3eec30447ee195df44e", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "11a95521fb93c91e2d4ef9d53dc80ef0a755549b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/verbs.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8"}, {"url": "https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd"}, {"url": "https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a"}, {"url": "https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147"}, {"url": "https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e"}, {"url": "https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b"}], "title": "RDMA/irdma: Initialize free_qp completion before using it", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "70E8C815-4965-47D0-8917-D4B88DB19CAA", "versionEndExcluding": "6.1.168", "versionStartIncluding": "5.14.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6ED4D4-0046-4573-BFA9-D64143B6A89F", "versionEndExcluding": "6.6.131", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*", "matchCriteriaId": "6A05198E-F8FA-4517-8D0E-8C95066AED38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet. Fix this\nby initializing the completion before the ib_copy_to_udata call."}], "id": "CVE-2026-31492", "lastModified": "2026-04-28T12:46:35.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:47.010", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: RDMA/irdma: Initialize free_qp completion before using it", "id": "2460663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460663"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-908", "details": ["A flaw was found in the Linux kernel's RDMA (Remote Direct Memory Access) irdma driver. This vulnerability occurs when the `free_qp` completion is not properly initialized before being used during the cleanup process in `irdma_destroy_qp`, specifically if the `ib_copy_to_udata` function fails. An attacker could potentially trigger this uninitialized wait, leading to system instability or a denial of service (DoS)."], "name": "CVE-2026-31492", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31492\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31492\nhttps://lore.kernel.org/linux-cve-announce/2026042202-CVE-2026-31492-2f6c@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,ac1da7bd224d406b6f1b84414f0f652ab43b6bd8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,af310407f79d5816fc0ab3638e1588b6193316dd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,cd1534c8f4984432382c240f6784408497f5bb0a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,3cb88c12461b71c7d9c604aa2e6a9a477ecfa147)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,f72996834f7bdefc2b95e3eec30447ee195df44e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,11a95521fb93c91e2d4ef9d53dc80ef0a755549b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T02:25:28.298922+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the irdma free_qp completion initialization fix (any kernel build including commits 11a95521fb93c91e2d4ef9d53dc80ef0a755549b and related changes).", "If an immediate kernel upgrade is not possible, temporarily disable the irdma RDMA driver by blacklisting the module until the patch is applied.", "Continuously monitor system logs for RDMA\u2011related errors or unexpected crashes and apply the fix as soon as it becomes available."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affecting only the Linux kernel, any system running a kernel build that predates the commit that adds initialization of the free_qp completion is at risk. The relevant updates are contained in the commits referenced in the advisory, such as 11a95521fb93c91e2d4ef9d53dc80ef0a755549b, 3cb88c12461b71c7d9c604aa2e6a9a477ecfa147, and others.", "description_and_impact": "The vulnerability affects the RDMA/irdma driver in the Linux kernel. When a queue pair is created, a failure in copying data to user space triggers cleanup that waits on a completion object that was never initialized. The uninitialized completion can cause the kernel to block indefinitely or crash, resulting in a denial of service. This flaw is identified as a use\u2011after\u2011initialization weakness (CWE\u2011908).", "risk_and_exploitability": "The CVSS score of 5.5 indicates a medium severity vulnerability, and the EPSS score of < 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; it is triggered when a user attempts to create an RDMA queue pair which requires access to RDMA devices or privileged execution. The flaw is mitigated by initializing the completion before the ib_copy_to_udata call, preventing the kernel from blocking or crashing during cleanup."}}}}, "created": "2026-04-22T19:00:08.089779+00:00", "updated": "2026-04-29T02:30:07.589107+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}