Use-After-Free Vulnerability in Intel Graphics Driver for Linux
CVE-2026-31656

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31656?

A race condition exists in the Intel graphics driver for Linux, leading to a use-after-free condition due to improper synchronization between the heartbeat worker and the intel_engine_park_heartbeat function. When concurrently accessing the same resources, the heartbeat worker may attempt to release a request that has already been cleared, resulting in a reference count underflow. This vulnerability can be exploited through a failure to correctly manage state changes, posing a risk to system stability and security. The issue has been mitigated by ensuring atomic operations using xchg() to prevent simultaneous access to the same pointers.

Affected Version(s)

Linux 058179e72e0956a2dfe4927db6cbe5fbfb2406aa < 70d3e622b10092fc483e28e57b4e8c49d9cc7f68

Linux 058179e72e0956a2dfe4927db6cbe5fbfb2406aa < 8ce44d28a84fd5e053a88b04872a89d95c0779d4

Linux 058179e72e0956a2dfe4927db6cbe5fbfb2406aa

References

https://git.kernel.org/stable/c/70d3e622b10092fc483e28e57...

https://git.kernel.org/stable/c/8ce44d28a84fd5e053a88b048...

https://git.kernel.org/stable/c/ca3f48c3567dd49efdc55b800...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31656 Data

JSON