{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31492", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.102Z", "datePublished": "2026-04-22T13:54:15.581Z", "dateUpdated": "2026-04-22T13:54:15.581Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T13:54:15.581Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet. Fix this\nby initializing the completion before the ib_copy_to_udata call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/verbs.c"], "versions": [{"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "ac1da7bd224d406b6f1b84414f0f652ab43b6bd8", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "af310407f79d5816fc0ab3638e1588b6193316dd", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "cd1534c8f4984432382c240f6784408497f5bb0a", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "3cb88c12461b71c7d9c604aa2e6a9a477ecfa147", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "f72996834f7bdefc2b95e3eec30447ee195df44e", "status": "affected", "versionType": "git"}, {"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08", "lessThan": "11a95521fb93c91e2d4ef9d53dc80ef0a755549b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/verbs.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8"}, {"url": "https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd"}, {"url": "https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a"}, {"url": "https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147"}, {"url": "https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e"}, {"url": "https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b"}], "title": "RDMA/irdma: Initialize free_qp completion before using it", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Initialize free_qp completion before using it\n\nIn irdma_create_qp, if ib_copy_to_udata fails, it will call\nirdma_destroy_qp to clean up which will attempt to wait on\nthe free_qp completion, which is not initialized yet. Fix this\nby initializing the completion before the ib_copy_to_udata call."}], "id": "CVE-2026-31492", "lastModified": "2026-04-22T14:16:47.010", "metrics": {}, "published": "2026-04-22T14:16:47.010", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/11a95521fb93c91e2d4ef9d53dc80ef0a755549b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3cb88c12461b71c7d9c604aa2e6a9a477ecfa147"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ac1da7bd224d406b6f1b84414f0f652ab43b6bd8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/af310407f79d5816fc0ab3638e1588b6193316dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd1534c8f4984432382c240f6784408497f5bb0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f72996834f7bdefc2b95e3eec30447ee195df44e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,ac1da7bd224d406b6f1b84414f0f652ab43b6bd8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,af310407f79d5816fc0ab3638e1588b6193316dd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,cd1534c8f4984432382c240f6784408497f5bb0a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,3cb88c12461b71c7d9c604aa2e6a9a477ecfa147)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,f72996834f7bdefc2b95e3eec30447ee195df44e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b48c24c2d710cf34810c555dcef883a3d35a9c08,11a95521fb93c91e2d4ef9d53dc80ef0a755549b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T18:48:42.421250+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the irdma free_qp completion initialization fix (any kernel build including commits 11a95521fb93c91e2d4ef9d53dc80ef0a755549b and related changes).", "If an immediate kernel upgrade is not possible, temporarily disable the irdma RDMA driver by blacklisting the module until the patch is applied.", "Continuously monitor system logs for RDMA\u2011related errors or unexpected crashes and apply the fix as soon as it becomes available."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affecting only the Linux kernel, any system running a kernel build that predates the commit that adds initialization of the free_qp completion is at risk. The relevant updates are contained in the commits referenced in the advisory, such as 11a95521fb93c91e2d4ef9d53dc80ef0a755549b, 3cb88c12461b71c7d9c604aa2e6a9a477ecfa147, and others.", "description_and_impact": "The vulnerability affects the RDMA/irdma driver in the Linux kernel. When a queue pair is created, a failure in copying data to user space triggers cleanup that waits on a completion object that was never initialized. The uninitialized completion can cause the kernel to block indefinitely or crash, resulting in a denial of service. This flaw is identified as a use-after-initialization weakness (CWE\u2011457).", "risk_and_exploitability": "No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of widespread exploitation at present. The attack vector is local, requiring the ability to invoke RDMA queue pair creation, which typically needs access to RDMA devices or a privileged user. The fix simply initializes the completion prior to any wait, eliminating the crash path."}}}}, "created": "2026-04-22T19:00:08.089779+00:00", "updated": "2026-04-22T19:30:24.550995+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-457"]}