CVE-2026-31781
Spectre Variant 1 Mitigation in Linux Kernel DRM
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's drm compat ioctl path. It involves the handling of a user-controlled pointer that is dereferenced into a table of function pointers, which is a known pattern related to Spectre-type vulnerabilities. The issue was that the index used to access the function pointer table could be speculated upon by the processor, potentially leading to speculative execution attacks. The fix involved using the array_index_nospec() function to prevent speculation on the index, thereby mitigating the vulnerability.
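The index clamp described above, modelled in userspace C as an added example (it is not the kernel's DRM code). The mask arithmetic follows the kernel's generic array_index_nospec() fallback; the handler names, `compat_table` and `compat_dispatch` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Model of the generic index mask: all ones when index < size, zero
 * otherwise, computed with arithmetic only (no conditional branch).
 * Relies on arithmetic right shift of signed values (GCC/Clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
#if defined(__GNUC__)
	/* Hide the value from the optimizer so no branch is reintroduced. */
	__asm__ volatile("" : "+r"(index));
#endif
	return (unsigned long)(~(long)(index | (size - 1UL - index))
			       >> (BITS_PER_LONG - 1));
}

/* Clamp: in-range indices pass through unchanged, all others become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

typedef long (*compat_handler_t)(unsigned long arg);

/* Hypothetical handlers standing in for per-ioctl compat translators. */
static long handle_version(unsigned long arg)  { return 100 + (long)arg; }
static long handle_getmap(unsigned long arg)   { return 200 + (long)arg; }
static long handle_getstats(unsigned long arg) { return 300 + (long)arg; }

static const compat_handler_t compat_table[] = {
	handle_version, handle_getmap, handle_getstats,
};

/* nr is caller-controlled. The architectural bounds check stays; the clamp
 * ensures that even if the check is mispredicted, the table load uses
 * slot 0 rather than an attacker-chosen out-of-bounds offset. */
long compat_dispatch(unsigned long nr, unsigned long arg)
{
	if (nr >= ARRAY_SIZE(compat_table))
		return -1; /* out of range: rejected in this model */
	nr = index_nospec(nr, ARRAY_SIZE(compat_table));
	return compat_table[nr](arg);
}
```

The bounds check alone is correct architecturally; the clamp matters only on the speculative path, which is why the two appear together.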
How can this vulnerability impact me?
This vulnerability could allow an attacker to exploit speculative execution to access or manipulate memory in unintended ways by controlling the index used to dereference function pointers. This could potentially lead to information disclosure or other security issues related to speculative execution attacks.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to the drm_compat_ioctl path has been resolved by applying a fix that stops speculation by using array_index_nospec() on the index to the function pointer list.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.