Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix drm_edid leak in amdgpu_dm

[WHAT]
When a sink is connected, aconnector->drm_edid was overwritten without
freeing the previous allocation, causing a memory leak on resume.

[HOW]
Free the previous drm_edid before updating it.

(cherry picked from commit 52024a94e7111366141cfc5d888b2ef011f879e5)
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak exists in the Linux kernel’s AMD GPU DRM display driver. When a display sink is connected, the driver overwrites the drm_edid pointer without freeing the previous allocation on resume, which can steadily consume kernel memory. Over multiple resume cycles the kernel may exhaust available memory, potentially leading to crashes or forced reboots. The flaw does not provide code execution, information disclosure, or direct privilege escalation.
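A userspace model of the overwrite-without-free pattern described above, added here as an illustration and not taken from the kernel source or the referenced commit. All names (`struct connector`, `edid_alloc`, `edid_free`, `sink_connected_leaky`, `sink_connected_fixed`, `leaked_after_resumes`) are hypothetical, and a counter stands in for kernel memory accounting.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name is a hypothetical stand-in, not amdgpu_dm code. */
struct connector { unsigned char *edid; };
static long live_blobs; /* allocations not yet freed */

static unsigned char *edid_alloc(const unsigned char *raw, size_t len)
{
    unsigned char *b = malloc(len);
    if (b) {
        memcpy(b, raw, len);
        live_blobs++;
    }
    return b;
}

static void edid_free(unsigned char *b)
{
    live_blobs -= (b != NULL);
    free(b);
}

/* Before the fix: the old pointer is overwritten and becomes unreachable. */
static void sink_connected_leaky(struct connector *c, const unsigned char *raw, size_t len)
{
    c->edid = edid_alloc(raw, len);
}

/* After the fix: free the previous allocation, then store the new one. */
static void sink_connected_fixed(struct connector *c, const unsigned char *raw, size_t len)
{
    edid_free(c->edid);
    c->edid = edid_alloc(raw, len);
}

/* Run `cycles` simulated resumes, tear down, return allocations never freed. */
long leaked_after_resumes(int cycles, int use_fix)
{
    /* constructed sample input: the 8-byte EDID header pattern */
    static const unsigned char raw[8] = {0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00};
    struct connector c = { NULL };
    live_blobs = 0;
    for (int i = 0; i < cycles; i++)
        (use_fix ? sink_connected_fixed : sink_connected_leaky)(&c, raw, sizeof(raw));
    edid_free(c.edid);
    return live_blobs;
}
```

In the model, the leaky path strands one allocation per resume after the first, while the fixed path leaves none outstanding at teardown.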

Affected Systems

All Linux kernel builds that include the amdgpu_dm driver are potentially affected. The CNA listing identifies Linux as both vendor and product. No specific version range is supplied, but the fix is present in newer kernel releases that incorporate the referenced commit.

Risk and Exploitability

The EPSS score is <1%, indicating a very low exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The CVSS score of 5.5 indicates moderate severity. Because the issue resides in a kernel module, exploitation would appear limited to local or privileged users and would require repeated resume events to accrue a significant memory drain. While not widely exploited, the leak can still result in a denial‑of‑service if left unmitigated in environments where resume cycles occur frequently.

Generated by OpenCVE AI on May 7, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the commit 52024a94e7111366141cfc5d888b2ef011f879e5, which frees the previous drm_edid allocation before it is updated.
  • If an immediate kernel upgrade is not possible, monitor kernel memory usage and reboot the system when memory consumption approaches the limit, as the leak is cleared on boot.
  • If the risk of a denial‑of‑service is critical, consider disabling the AMD GPU display sink or reducing usage until a patched kernel can be deployed.



Advisories

No advisories yet.

History

Thu, 07 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 29 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Mon, 27 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 23 Apr 2026 00:15:00 +0000


Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid leak in amdgpu_dm [WHAT] When a sink is connected, aconnector->drm_edid was overwritten without freeing the previous allocation, causing a memory leak on resume. [HOW] Free the previous drm_edid before updating it. (cherry picked from commit 52024a94e7111366141cfc5d888b2ef011f879e5)
Title drm/amd/display: Fix drm_edid leak in amdgpu_dm
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:09:10.427Z

Reserved: 2026-03-09T15:48:24.092Z

Link: CVE-2026-31461

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-22T14:16:41.670

Modified: 2026-05-07T18:34:46.070

Link: CVE-2026-31461

Redhat

Severity:

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31461 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T19:30:27Z

Weaknesses