Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix missing runtime PM reference in ccs_mode_store

ccs_mode_store() calls xe_gt_reset() which internally invokes
xe_pm_runtime_get_noresume(). That function requires the caller
to already hold an outer runtime PM reference and warns if none
is held:

[46.891177] xe 0000:03:00.0: [drm] Missing outer runtime PM protection
[46.891178] WARNING: drivers/gpu/drm/xe/xe_pm.c:885 at
xe_pm_runtime_get_noresume+0x8b/0xc0

Fix this by protecting xe_gt_reset() with the scope-based
guard(xe_pm_runtime)(xe), which is the preferred form when
the reference lifetime matches a single scope.

v2:
- Use scope-based guard(xe_pm_runtime)(xe) (Shuicheng)
- Update commit message accordingly

(cherry picked from commit 7937ea733f79b3f25e802a0c8360bf7423856f36)
Published: 2026-04-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Runtime PM reference missing causes unstable power management in Linux DRM XE driver
Action: Apply Patch
AI Analysis

Impact

When the ccs_mode_store function writes through the DRM sysfs interface, it triggers xe_gt_reset, which in turn calls xe_pm_runtime_get_noresume. That helper requires the caller to already hold a runtime power‑management reference, and if it is not present the kernel emits a warning about a missing outer runtime PM protection. The absence of this reference can lead to improper power state transitions for the GPU, potentially causing crashes or unexpected behavior in the graphics subsystem. The weakness is classified as a resource‑management defect.

Affected Systems

Linux kernels 6.19 and all 7.0 release candidates up to rc7 are affected, as the flaw resides in the DRM XE driver code included in those kernel releases. Any host running these kernels and exposing the DRM XE interface is vulnerable until the reference guard is added.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% points to a very low probability of exploitation. The vulnerability is not listed in CISA KEV. The likely attack vector involves a local user with the ability to write to the ccs_mode sysfs file; because that typically requires elevated privileges, the impact is most likely a local privilege escalation or system instability scenario. This inference is drawn from the fact that the ccs_mode entry is writable by privileged users and the problematic function is invoked by that write operation.

Generated by OpenCVE AI on April 28, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel release that includes the runtime PM guard fix (e.g., kernel 6.19 or any newer 7.0 release candidate).
  • For custom or older kernel builds, apply the patch that surrounds xe_gt_reset with a scope‑based guard and rebuild the kernel.
  • Restrict permissions on the DRM XE ccs_mode sysfs entry so that only trusted users can write to it, preventing unauthorized manipulation of the GPU power state.

Generated by OpenCVE AI on April 28, 2026 at 20:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_runtime_get_noresume(). That function requires the caller to already hold an outer runtime PM reference and warns if none is held: [46.891177] xe 0000:03:00.0: [drm] Missing outer runtime PM protection [46.891178] WARNING: drivers/gpu/drm/xe/xe_pm.c:885 at xe_pm_runtime_get_noresume+0x8b/0xc0 Fix this by protecting xe_gt_reset() with the scope-based guard(xe_pm_runtime)(xe), which is the preferred form when the reference lifetime matches a single scope. v2: - Use scope-based guard(xe_pm_runtime)(xe) (Shuicheng) - Update commit message accordingly (cherry picked from commit 7937ea733f79b3f25e802a0c8360bf7423856f36)
Title drm/xe: Fix missing runtime PM reference in ccs_mode_store
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:53.255Z

Reserved: 2026-03-09T15:48:24.114Z

Link: CVE-2026-31547

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:28.830

Modified: 2026-04-27T20:16:02.917

Link: CVE-2026-31547

cve-icon Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31547 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses