CVE-2026-31490
Received Received - Intake
Use-After-Free in Linux drm/xe PF Migration Restore

Publication date: 2026-04-22

Last updated on: 2026-04-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xe_sriov_pf_migration_restore_produce(), the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write() calls. Set the pointer to NULL upon error to fix the problem. (cherry picked from commit 4f53d8c6d23527d734fe3531d08e15cb170a0819)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31490
EUVD
EUVD-2026-24860
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 6.19
linux linux_kernel From 6.19.1 (inc) to 6.19.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's drm/xe/pf component. Specifically, when the function xe_sriov_pf_migration_restore_produce() returns an error, the data pointer is not set to NULL. This oversight can cause subsequent .write() calls to use a pointer that has already been freed, leading to potential memory corruption or crashes.

Impact Analysis

The use-after-free vulnerability can lead to instability or crashes in the Linux kernel, potentially causing denial of service or unpredictable behavior. It may also be exploitable by attackers to execute arbitrary code or escalate privileges, depending on the context in which the vulnerable code is used.

Mitigation Strategies

The vulnerability is fixed by setting the data pointer to NULL upon error in the drm/xe/pf migration restore code in the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix from commit 4f53d8c6d23527d734fe3531d08e15cb170a0819.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31490. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart