Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: prevent immediate PASID reuse case

PASID resue could cause interrupt issue when process
immediately runs into hw state left by previous
process exited with the same PASID, it's possible that
page faults are still pending in the IH ring buffer when
the process exits and frees up its PASID. To prevent the
case, it uses idr cyclic allocator same as kernel pid's.

(cherry picked from commit 8f1de51f49be692de137c8525106e0fce2d1912d)
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s AMDGPU driver, a flaw allows a Process Address Space ID (PASID) to be reused immediately after a process terminates. This premature reuse can leave pending page faults in the Interrupt Handling ring, which may trigger an interrupt handling fault when the next process uses the same PASID. The improper resource reuse corresponds to CWE‑367 and can destabilize the kernel, potentially leading to a denial‑of‑service condition.

Affected Systems

Affected systems include the Linux kernel’s DRM subsystem, specifically the AMDGPU driver. All kernels prior to the commit that removes immediate PASID reuse—identified by commit 8f1de51—are vulnerable. Systems running newer kernels that include the patch are not affected. The issue spans the Linux kernel versions listed in the CPE entries up to 7.0 rc5.

Risk and Exploitability

The EPSS score is below 1%, indicating a low exploitation probability, while the CVSS score of 5.5 reflects moderate severity. The vulnerability is not listed in CISA KEV. Exploitation would require privileged or root access to create a process that engages the GPU, or the ability to run privileged graphics workloads. If the flaw is triggered, the kernel can become unstable, leading to a possible denial‑of‑service. The overall risk remains moderate, but patching is advisable.

Generated by OpenCVE AI on May 7, 2026 at 19:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes commit 8f1de51, removing the immediate PASID reuse behavior.
  • Reboot the system after upgrading to ensure the updated AMDGPU driver code is loaded.
  • If an immediate upgrade is not possible, disable the AMDGPU module with "modprobe -r amdgpu" or limit privileged access to graphics processes until the patch is available.
  • Monitor system logs for Interrupt Handling ring buffer errors and verify that the issue does not recur.

Generated by OpenCVE AI on May 7, 2026 at 19:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Thu, 07 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Wed, 29 Apr 2026 00:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
CWE-665
CWE-754

Mon, 27 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
CWE-665
CWE-754

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PASID reuse case PASID resue could cause interrupt issue when process immediately runs into hw state left by previous process exited with the same PASID, it's possible that page faults are still pending in the IH ring buffer when the process exits and frees up its PASID. To prevent the case, it uses idr cyclic allocator same as kernel pid's. (cherry picked from commit 8f1de51f49be692de137c8525106e0fce2d1912d)
Title drm/amdgpu: prevent immediate PASID reuse case
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:09:11.635Z

Reserved: 2026-03-09T15:48:24.092Z

Link: CVE-2026-31462

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-22T14:16:41.787

Modified: 2026-05-07T18:32:30.960

Link: CVE-2026-31462

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31462 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T20:00:12Z

Weaknesses