CVE-2026-31781

MEDIUM EPSS 2.4%
Published May 1, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 1, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up by calling array_index_nospec() on the index to the function pointer list.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 19

VendorProductVersionRange
linuxlinux_kernel*≥3.16.63  –  <3.17
linuxlinux_kernel*≥4.4.170  –  <4.5
linuxlinux_kernel*≥4.9.148  –  <4.10
linuxlinux_kernel*≥4.14.91  –  <4.15
linuxlinux_kernel*≥4.19.13  –  <4.20
linuxlinux_kernel*≥4.20.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.168
linuxlinux_kernel*≥6.2  –  <6.6.134
linuxlinux_kernel*≥6.7  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel4.20any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/27ef84bba9b9d7b03418c60fbc6069ea0e87b13c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46a60ee8956ef1975f00455f614761c7ecedc09d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/489f2ef2b908898d01df697dc4fe1476674be640
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a41c2b18fc05d30b718d2602cac339eae710b34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bb398991f378ef74d90b14a6ea8b61ff96cc03a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d59c5d8539662d95887b4564f3f72ad38076a2d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0e441be08a2eab10b2d06fccfa267ee599dd6b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8995c2df519f382525ca4bc90553ad2ec611067
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/27ef84bba9b9d7b03418c60fbc6069ea0e87b13c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46a60ee8956ef1975f00455f614761c7ecedc09d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/489f2ef2b908898d01df697dc4fe1476674be640
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a41c2b18fc05d30b718d2602cac339eae710b34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5bb398991f378ef74d90b14a6ea8b61ff96cc03a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d59c5d8539662d95887b4564f3f72ad38076a2d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0e441be08a2eab10b2d06fccfa267ee599dd6b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8995c2df519f382525ca4bc90553ad2ec611067
    Patch