Skip to main content

Linux Kernel CVE-2026-31460

| EUVDEUVD-2026-24799 MEDIUM
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 21:00 vuln.today
CVSS changed
May 07, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch released
Apr 23, 2026 - 16:17 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24799
CVE Published
Apr 22, 2026 - 14:16 nvd
N/A
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: check if ext_caps is valid in BL setup

LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it.

(cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6)

AnalysisAI

Denial of service via null pointer dereference in AMD display driver backlight setup affects Linux kernel versions 6.19 through 7.0-rc5 when LVDS connectors are present without extended backlight capabilities. Local authenticated users with low privileges can trigger a crash by accessing backlight controls on affected systems, causing system instability. Patch available from vendor with EPSS score of 0.02% indicating low real-world exploitation probability.

Technical ContextAI

The vulnerability exists in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the AMD display driver's backlight setup code. The amd/display driver fails to validate that the ext_caps (extended capabilities) pointer is non-null before dereferencing it during backlight initialization on LVDS connectors. LVDS (Low-Voltage Differential Signaling) is a display interface commonly used in laptops and embedded systems. The root cause is a missing null pointer check that should guard access to the extended backlight capabilities structure. This affects systems with AMD display hardware where LVDS connectors are used without proper extended backlight capability support.

RemediationAI

Apply the vendor-released patch via upstream Linux commit 60b0524bfb7d691ab378cdc788209f11cd34da89 or 9da4f9964abcaeb6e19797d5e3b10faad338a786, available at https://git.kernel.org/stable/. Kernel versions 7.0-final and later contain the fix. For systems unable to patch immediately, disable backlight control features through kernel parameters (e.g., amdgpu.backlight=0 via GRUB configuration) or disable the AMD display driver if integrated graphics alternatives are available, though this may impact display functionality. Systems with DP (DisplayPort) or HDMI-only connectors without LVDS are unaffected and do not require mitigation. Kernel recompilation with the cherry-picked commit from the stable branch is an alternative for distributions with delayed stable kernel releases.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31460 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy