Description

In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the odd behavior that it can unmap more than requested if the ending point lands within the middle of a large or contiguous IOPTE. In this case the gather should flush everything unmapped which can be larger than what was requested to be unmapped. The gather was only flushing the range requested to be unmapped, not extending to the extra range, resulting in a short invalidation if the caller hits this special condition. This was found by the new invalidation/gather test I am adding in preparation for ARMv8. Claude deduced the root cause. As far as I remember nothing relies on unmapping a large entry, so this is likely not a triggerable bug.

INFO

Published Date :

2026-05-01T14:14:32.923Z

Last Modified :

2026-05-03T05:45:41.300Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31735 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31735.

URL Resource
https://git.kernel.org/stable/c/50ecd96a28f712f8b682c0441f4cb9b086d28816 cve-icon cve-icon
https://git.kernel.org/stable/c/ee6e69d032550687a3422504bfca3f834c7b5061 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050138-CVE-2026-31735-436c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31735 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31735 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact