{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31390", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.084Z", "datePublished": "2026-04-03T15:15:56.035Z", "dateUpdated": "2026-04-03T15:15:56.035Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T15:15:56.035Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix memory leak in xe_vm_madvise_ioctl\n\nWhen check_bo_args_are_sane() validation fails, jump to the new\nfree_vmas cleanup label to properly free the allocated resources.\nThis ensures proper cleanup in this error path.\n\n(cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_vm_madvise.c"], "versions": [{"version": "293032eec4baa04374d62dd44de61e355296ad32", "lessThan": "c3aa7b837920c844d5ae0dd3dbaeb465a461de40", "status": "affected", "versionType": "git"}, {"version": "293032eec4baa04374d62dd44de61e355296ad32", "lessThan": "1c87b48a0ff040723f84a67b32892af7e6a3634f", "status": "affected", "versionType": "git"}, {"version": "293032eec4baa04374d62dd44de61e355296ad32", "lessThan": "0cfe9c4838f1147713f6b5c02094cd4dc0c598fa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_vm_madvise.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c3aa7b837920c844d5ae0dd3dbaeb465a461de40"}, {"url": "https://git.kernel.org/stable/c/1c87b48a0ff040723f84a67b32892af7e6a3634f"}, {"url": "https://git.kernel.org/stable/c/0cfe9c4838f1147713f6b5c02094cd4dc0c598fa"}], "title": "drm/xe: Fix memory leak in xe_vm_madvise_ioctl", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix memory leak in xe_vm_madvise_ioctl\n\nWhen check_bo_args_are_sane() validation fails, jump to the new\nfree_vmas cleanup label to properly free the allocated resources.\nThis ensures proper cleanup in this error path.\n\n(cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)"}], "id": "CVE-2026-31390", "lastModified": "2026-04-07T13:20:55.200", "metrics": {}, "published": "2026-04-03T16:16:36.987", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0cfe9c4838f1147713f6b5c02094cd4dc0c598fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1c87b48a0ff040723f84a67b32892af7e6a3634f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c3aa7b837920c844d5ae0dd3dbaeb465a461de40"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/xe: Fix memory leak in xe_vm_madvise_ioctl", "id": "2454824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454824"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["A flaw was found in the Linux kernel's drm/xe component. A local user could exploit this vulnerability when validation fails during the `xe_vm_madvise_ioctl` operation, leading to improper cleanup of allocated resources. This can result in a memory leak, potentially causing system instability or a denial of service (DoS) over time."], "name": "CVE-2026-31390", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31390\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31390\nhttps://lore.kernel.org/linux-cve-announce/2026040324-CVE-2026-31390-f363@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[293032eec4baa04374d62dd44de61e355296ad32,c3aa7b837920c844d5ae0dd3dbaeb465a461de40)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[293032eec4baa04374d62dd44de61e355296ad32,1c87b48a0ff040723f84a67b32892af7e6a3634f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[293032eec4baa04374d62dd44de61e355296ad32,0cfe9c4838f1147713f6b5c02094cd4dc0c598fa)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-07T09:42:18.264781+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the fix (commit 29bd06f or later).", "Verify the kernel contains the patch by checking the commit history or running \"git log\" for the relevant module.", "If an immediate kernel upgrade is not possible, monitor system memory usage and restart affected services or reboot to reclaim leaked memory.", "If the drm/xe module is not required, disable it to eliminate the risk."], "summary": {"action": "Apply Patch", "impact": "Memory Leak (Potential Denial of Service)"}, "threat_synthesis": {"affected_systems": "The issue affects Linux kernel builds where the drm/xe module is compiled. The impacted binaries are part of the standard Linux kernel (vendor Linux, product Linux). Specific kernel versions are not enumerated in the CVE entry, so any kernel containing the vulnerable code before the fix is susceptible. Administrative users or processes with access to the DRM subsystem could trigger the flaw.", "description_and_impact": "The vulnerability was a memory leak in the Linux kernel's DRM (drm/xe) subsystem, specifically in the xe_vm_madvise_ioctl handler. When the check_bo_args_are_sane() validation fails, resources allocated for virtual memory areas (VMAs) were not properly freed, leading to a leak. This is a classic example of resource exhaustion (CWE-459). While it does not provide direct code execution, the accumulation of unreleased memory could degrade system performance or culminate in a denial of service.", "risk_and_exploitability": "The CVSS score is 5.5, indicating moderate severity, and the EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The flaw is not listed in CISA's Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that exploitation requires local access, such that a user or process can invoke xe_vm_madvise_ioctl and cause a validation failure. An attacker with local or elevated privileges could use this path to degrade system resources, potentially leading to a service disruption."}}}}, "created": "2026-04-03T21:13:21.997908+00:00", "updated": "2026-04-08T19:53:34.038390+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}