CVE-2026-31490 PUBLISHED

drm/xe/pf: Fix use-after-free in migration restore

Assigner: Linux
Reserved: 09.03.2026 Published: 22.04.2026 Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pf: Fix use-after-free in migration restore

When an error is returned from xe_sriov_pf_migration_restore_produce(), the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write() calls. Set the pointer to NULL upon error to fix the problem.

(cherry picked from commit 4f53d8c6d23527d734fe3531d08e15cb170a0819)

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1ed30397c0b92b97381dbd11362fdbbf93e046d2 to e28552b4ddea5cb4725380dd08237831af835124 (excl.) affected from 1ed30397c0b92b97381dbd11362fdbbf93e046d2 to 87997b6c6516e049cbaf2fc6810b213d587a06b1 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.19.11 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-31490 PUBLISHED

drm/xe/pf: Fix use-after-free in migration restore

Product Status

References