Skip to main content

Linux CVE-2026-31390

| EUVDEUVD-2026-18762 MEDIUM
Memory Leak (CWE-401)
2026-04-03 Linux GHSA-fpjr-hm8v-68cj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 26, 2026 - 14:07 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
1c87b48a0ff040723f84a67b32892af7e6a3634f,0cfe9c4838f1147713f6b5c02094cd4dc0c598fa
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18762
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix memory leak in xe_vm_madvise_ioctl

When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path.

(cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)

AnalysisAI

Linux kernel xe (Intel GPU) driver leaks dynamically allocated virtual memory area (VMA) structures when argument validation fails in the xe_vm_madvise_ioctl handler, allowing local attackers to exhaust kernel memory and trigger denial of service. The vulnerability has been patched upstream in stable kernel branches with proper cleanup path addition.

Technical ContextAI

The xe driver is Intel's new GPU driver for Linux, handling direct rendering and memory management for discrete Intel GPUs. The xe_vm_madvise_ioctl function processes memory advice (madvise) operations on GPU virtual address spaces. When the check_bo_args_are_sane() validation function returns an error, the code previously jumped directly to the error return without invoking cleanup routines, leaving allocated VMA objects (data structures representing ranges in virtual memory) unreleased in kernel heap memory. This is a classic resource leak vulnerability in the error handling path of an ioctl (input/output control) system call handler. The fix adds a proper cleanup label that deallocates all VMA structures before returning the error code.

RemediationAI

Apply the upstream stable kernel patches referenced in the git.kernel.org commits. Users should update their Linux kernel to a version that includes commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965 or its stable backports (c3aa7b837920c844d5ae0dd3dbaeb465a461de40, 1c87b48a0ff040723f84a67b32892af7e6a3634f, 0cfe9c4838f1147713f6b5c02094cd4dc0c598fa). For systems unable to update immediately, disable xe GPU driver if not in use by blacklisting the kernel module or using an older GPU driver that does not include the vulnerable code path. Kernel distributions (RHEL, Ubuntu, Debian) should backport the fix into their stable kernel updates. Refer to https://git.kernel.org/stable for specific version numbers and backport status.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31390 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy