Use-After-Free Vulnerability in Linux Kernel Affecting Graphics Drivers
CVE-2026-31490

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31490?

A vulnerability in the Linux kernel affects the graphics driver subsystem, specifically impacting the migration restore process. When an error occurs in the function xe_sriov_pf_migration_restore_produce(), the data pointer is not reset to NULL, which can create a scenario for use-after-free vulnerabilities during subsequent write operations. This flaw could lead to memory access issues and potential exploitation in systems utilizing affected kernel versions. The issue has been corrected by ensuring that the pointer is set to NULL upon encountering an error, thereby preventing unintended access to freed memory resources.

Affected Version(s)

Linux 1ed30397c0b92b97381dbd11362fdbbf93e046d2

Linux 1ed30397c0b92b97381dbd11362fdbbf93e046d2 < 87997b6c6516e049cbaf2fc6810b213d587a06b1

Linux 6.19

References

https://git.kernel.org/stable/c/e28552b4ddea5cb4725380dd0...

https://git.kernel.org/stable/c/87997b6c6516e049cbaf2fc68...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31490 Data

JSON