{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31743", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.138Z", "datePublished": "2026-05-01T14:14:38.154Z", "dateUpdated": "2026-05-11T22:14:54.119Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:14:54.119Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. use correct buffer size in dma_alloc_coherent\nand memcpy."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvmem/zynqmp_nvmem.c"], "versions": [{"version": "737c0c8d07b5f671c0a33cec95965fcb2d2ea893", "lessThan": "2f6e5b9964d0a63a5ba84fca2642876afb70a662", "status": "affected", "versionType": "git"}, {"version": "737c0c8d07b5f671c0a33cec95965fcb2d2ea893", "lessThan": "784ed4abded1ca4b525fa4cade8b02f8c5d2a087", "status": "affected", "versionType": "git"}, {"version": "737c0c8d07b5f671c0a33cec95965fcb2d2ea893", "lessThan": "6c01e7f11f5e5f22285d19510a9643e2506e13c3", "status": "affected", "versionType": "git"}, {"version": "737c0c8d07b5f671c0a33cec95965fcb2d2ea893", "lessThan": "f9b88613ff402aa6fe8fd020573cb95867ae947e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvmem/zynqmp_nvmem.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2f6e5b9964d0a63a5ba84fca2642876afb70a662"}, {"url": "https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087"}, {"url": "https://git.kernel.org/stable/c/6c01e7f11f5e5f22285d19510a9643e2506e13c3"}, {"url": "https://git.kernel.org/stable/c/f9b88613ff402aa6fe8fd020573cb95867ae947e"}], "title": "nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6276F46A-4462-4160-9890-B059A6D60C74", "versionEndExcluding": "6.12.81", "versionStartIncluding": "6.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9DF8BCE-36D3-475D-9D21-19E4F02F9029", "versionEndExcluding": "6.18.22", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A2B9540-02D5-41B4-B16A-82AF66FD4F36", "versionEndExcluding": "6.19.12", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. use correct buffer size in dma_alloc_coherent\nand memcpy."}], "id": "CVE-2026-31743", "lastModified": "2026-05-07T19:36:42.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-01T15:16:37.047", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f6e5b9964d0a63a5ba84fca2642876afb70a662"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6c01e7f11f5e5f22285d19510a9643e2506e13c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/784ed4abded1ca4b525fa4cade8b02f8c5d2a087"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f9b88613ff402aa6fe8fd020573cb95867ae947e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy", "id": "2464445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464445"}, "csaw": false, "cwe": "CWE-131", "details": ["A flaw was found in the Linux kernel, specifically within the `nvmem` and `zynqmp_nvmem` modules. An incorrect buffer size used during Direct Memory Access (DMA) allocation and `memcpy` operations can lead to undersized DMA buffer access. This vulnerability could allow a local attacker to cause memory corruption, potentially leading to system instability or denial of service."], "name": "CVE-2026-31743", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31743\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31743\nhttps://lore.kernel.org/linux-cve-announce/2026050140-CVE-2026-31743-e8c6@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[737c0c8d07b5f671c0a33cec95965fcb2d2ea893,2f6e5b9964d0a63a5ba84fca2642876afb70a662)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[737c0c8d07b5f671c0a33cec95965fcb2d2ea893,784ed4abded1ca4b525fa4cade8b02f8c5d2a087)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[737c0c8d07b5f671c0a33cec95965fcb2d2ea893,6c01e7f11f5e5f22285d19510a9643e2506e13c3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[737c0c8d07b5f671c0a33cec95965fcb2d2ea893,f9b88613ff402aa6fe8fd020573cb95867ae947e)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.9)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.81,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.22,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.12,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,* )"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-01T17:00:10.792597+00:00", "updated": "2026-05-07T20:30:15.265949+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}