PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31390 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's Intel Xe graphics driver (drm/xe). The flaw occurs in the xe_vm_madvise_ioctl function, where allocated resources are not properly freed when the check_bo_args_are_sane() validation fails. This leads to resource exhaustion over time, potentially causing denial of service conditions on affected systems. The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime).

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-03
Original CVE updated: 2026-05-26
Advisory published: 2026-04-03
Advisory updated: 2026-05-26

Who should care

System administrators running Linux systems with Intel Xe integrated or discrete graphics, particularly those using memory-intensive graphics workloads or untrusted user-space applications that may trigger the vulnerable ioctl path. Cloud providers and container platforms hosting workloads on Intel Xe-enabled infrastructure should prioritize patching.

Technical summary

The xe_vm_madvise_ioctl function in the Linux kernel's Intel Xe graphics driver fails to properly free allocated VMA (Virtual Memory Area) resources when the check_bo_args_are_sane() validation function returns an error. The fix introduces a dedicated cleanup label (free_vmas) that is jumped to on validation failure, ensuring proper resource deallocation. The vulnerability affects kernel versions 6.18 through 6.18.19, 6.19 through 6.19.9, and 7.0-rc1/rc2.
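The leak pattern and the cleanup-label fix described above, as an added C model that is not the drm/xe driver code: the function names madvise_ioctl_leaky, madvise_ioctl_fixed and live_vma_count, the struct layouts, the allocation counter and the validation rule inside the stand-in check_bo_args_are_sane() are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>

struct vma_stub { unsigned long start, range; };                         /* layout assumed */
struct madvise_args { unsigned long start, range; unsigned int num_vmas; };
static int live_vmas;   /* live allocations, so a caller can detect a leak */

static struct vma_stub *alloc_vmas(unsigned int n)
{
    struct vma_stub *v = calloc(n ? n : 1, sizeof(*v));
    if (v)
        live_vmas++;
    return v;
}

static void release_vmas(struct vma_stub *v) { free(v); live_vmas--; }

/* Hypothetical stand-in for check_bo_args_are_sane(): rejects an empty or wrapping range. */
static int check_bo_args_are_sane(const struct madvise_args *a)
{
    return (a->range == 0 || a->start + a->range < a->start) ? -EINVAL : 0;
}

/* Pre-fix shape: the early return on validation failure skips cleanup (CWE-401). */
int madvise_ioctl_leaky(const struct madvise_args *a)
{
    struct vma_stub *vmas = alloc_vmas(a->num_vmas);
    int err;
    if (!vmas)
        return -ENOMEM;
    err = check_bo_args_are_sane(a);
    if (err)
        return err;                 /* BUG: vmas never released */
    release_vmas(vmas);
    return 0;
}

/* Post-fix shape: failure after the allocation jumps to a free_vmas label on the only exit path. */
int madvise_ioctl_fixed(const struct madvise_args *a)
{
    struct vma_stub *vmas = alloc_vmas(a->num_vmas);
    int err;
    if (!vmas)
        return -ENOMEM;
    err = check_bo_args_are_sane(a);
    if (err)
        goto free_vmas;
    /* the real ioctl would apply the advice here */
free_vmas:
    release_vmas(vmas);
    return err;
}
int live_vma_count(void) { return live_vmas; }
```

Calling the leaky variant with rejected arguments leaves the live-allocation count raised by one per call, which is the slow resource exhaustion the advisory describes; the fixed variant returns it to zero on both paths.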

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from the stable kernel git repository for affected versions
  • Upgrade to Linux kernel 6.18.20 or later, or 6.19.10 or later
  • For systems running 7.0-rc1 or 7.0-rc2, apply the relevant stable branch patches
  • Monitor system memory usage on Intel Xe graphics systems for anomalous consumption patterns
  • Review system logs for drm/xe related errors that may indicate repeated ioctl failures

Evidence notes

The vulnerability was resolved by adding a proper cleanup path via a new 'free_vmas' label that ensures allocated resources are freed when validation fails. The fix was cherry-picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965.
