Skip to main content

Linux Kernel EUVDEUVD-2026-24860

| CVE-2026-31490 HIGH
Use After Free (CWE-416)
2026-04-22 416baaa9-dc9f-4396-8d5f-8c081fb06d67
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Analysis Updated
Apr 28, 2026 - 13:12 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 28, 2026 - 13:07 vuln.today
cvss_changed
Patch released
Apr 28, 2026 - 12:52 nvd
Patch available
Analysis Generated
Apr 27, 2026 - 15:22 vuln.today
CVSS changed
Apr 27, 2026 - 15:22 NVD
7.8 (HIGH)
Patch available
Apr 22, 2026 - 16:33 EUVD
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24860
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pf: Fix use-after-free in migration restore

When an error is returned from xe_sriov_pf_migration_restore_produce(), the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write() calls. Set the pointer to NULL upon error to fix the problem.

(cherry picked from commit 4f53d8c6d23527d734fe3531d08e15cb170a0819)

AnalysisAI

Use-after-free in Linux kernel's xe GPU driver allows local authenticated users to execute arbitrary code with kernel privileges. The vulnerability occurs in the SR-IOV physical function migration restore path when error handling fails to nullify a freed data pointer, enabling subsequent write operations to reference deallocated memory. With CVSS 7.8 (High) and very low EPSS (0.02%), this represents typical kernel memory corruption risk requiring local access and low privileges. Vendor patches are available for affected 6.19 and 7.0-rc versions.

Technical ContextAI

This vulnerability affects the xe GPU driver's SR-IOV (Single Root I/O Virtualization) physical function implementation in Linux kernel 6.19 and 7.0 release candidates (rc1-rc7). The flaw is a classic use-after-free (CWE-416) in the migration restore code path within drm/xe/pf module. When xe_sriov_pf_migration_restore_produce() returns an error, the function frees allocated memory but fails to set the data pointer to NULL. This dangling pointer can be dereferenced in subsequent .write() file operations, allowing access to freed heap memory. Use-after-free vulnerabilities in kernel code are particularly dangerous because they can lead to arbitrary code execution in kernel context, bypassing all userspace security boundaries. The xe driver is Intel's modern GPU driver for newer discrete graphics cards, making this relevant primarily to systems with recent Intel Arc GPUs using SR-IOV virtualization features.

RemediationAI

Apply vendor-released kernel patches immediately for affected systems. Fixed versions include Linux kernel 6.19.11 and 7.0 stable release based on commits 87997b6c6516e049cbaf2fc6810b213d587a06b1 (mainline) and e28552b4ddea5cb4725380dd08237831af835124 (stable backport). The fix is a simple pointer nullification after memory deallocation in the error path. Patch commits are available at https://git.kernel.org/stable/c/87997b6c6516e049cbaf2fc6810b213d587a06b1 and https://git.kernel.org/stable/c/e28552b4ddea5cb4725380dd08237831af835124. If immediate patching is not feasible, disable SR-IOV functionality on xe driver devices as a temporary mitigation, though this eliminates GPU virtualization capabilities. Alternatively, restrict local user access to systems with xe GPUs to trusted administrators only, reducing attack surface. No application-layer workarounds exist as this is a kernel driver issue. Monitor kernel update channels from your distribution (RHEL, Ubuntu, Debian, etc.) for packaged fixes.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-24860 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy