CVE-2026-31767 - Vulnerability Details

- drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

Stop adjusting the horizontal timing values based on the
compression ratio in command mode. Bspec seems to be telling
us to do this only in video mode, and this is also how the
Windows driver does things.

This should also fix a div-by-zero on some machines because
the adjusted htotal ends up being so small that we end up with
line_time_us==0 when trying to determine the vtotal value in
command mode.

Note that this doesn't actually make the display on the
Huawei Matebook E work, but at least the kernel no longer
explodes when the driver loads.

(cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)

Published: 2026-05-01

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the Linux kernel DRM i915 DSI driver where the driver applied horizontal timing adjustments for display hardware in command mode. This incorrect behavior leads to a divide‑by‑zero condition during the calculation of display parameters, causing the kernel to crash or panic. The crash effectively results in a denial of service, disrupting kernel operation and requiring a reboot to recover.

Affected Systems

Affected systems are Linux kernels that include the i915 DSI driver prior to the patches included in commit 0b475e91. No specific version ranges are listed in the data, and the vulnerability is therefore potentially present in any kernel build that has not yet integrated this commit. The vulnerability is limited to devices using Intel graphics hardware that are configured in command mode for DSI output.

Risk and Exploitability

There is no reported EPSS score and the vulnerability is not listed in the CISA KEV catalog, indicating that there is no publicly known exploitation activity. The primary risk remains a local denial of service, as it requires a critical path in the kernel and is unlikely to be triggered by an unprivileged user. A CVSS score of 7.0 indicates a high severity, confirming that the kernel crash could seriously impact system stability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`53693f02d80e0a909e76c2a25f8aac8515f959db`	affected	< 55efe8402f46af8399c8b634a18b130a05fd7820
`53693f02d80e0a909e76c2a25f8aac8515f959db`	affected	< 86e926b108880c0109b8635e459450447156aeb7
`53693f02d80e0a909e76c2a25f8aac8515f959db`	affected	< 33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4
`53693f02d80e0a909e76c2a25f8aac8515f959db`	affected	< 4dfce79e098915d8e5fc2b9e1d980bc3251dd32c

Linux

affected

Version	Status	Constraints
`5.6`	affected	—
`0`	unaffected	< 5.6
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[53693f02d80e0a909e76c2a25f8aac8515f959db,55efe8402f46af8399c8b634a18b130a05fd7820)`	affected	code_commit	—
`[53693f02d80e0a909e76c2a25f8aac8515f959db,86e926b108880c0109b8635e459450447156aeb7)`	affected	code_commit	—
`[53693f02d80e0a909e76c2a25f8aac8515f959db,33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4)`	affected	code_commit	—
`[53693f02d80e0a909e76c2a25f8aac8515f959db,4dfce79e098915d8e5fc2b9e1d980bc3251dd32c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.6`	affected	generic	—
`[0,5.6)`	unaffected	generic	—
`[6.12.81,6.13.0)`	unaffected	semver	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that contains commit 0b475e91 or backport the patch before compiling your kernel.
If possible, avoid configuring the Intel DSI interface in command mode; use video mode or disable the feature entirely.
Check dmesg logs and other kernel messages for signs of the bug and verify that the running i915 driver is the corrected version.

Generated by OpenCVE AI on May 2, 2026 at 07:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4
https://git.kernel.org/stable/c/4dfce79e098915d8e5fc2b9e1d980bc3251dd32c
https://git.kernel.org/stable/c/55efe8402f46af8399c8b634a18b130a05fd7820
https://git.kernel.org/stable/c/86e926b108880c0109b8635e459450447156aeb7
https://lore.kernel.org/linux-cve-announce/2026050147-CVE-2026-31767-cfcf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31767
https://www.cve.org/CVERecord?id=CVE-2026-31767

History

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-369
References		https://lore.kernel.org/linux-cve-announce/2026050147-CVE-2026-31767-cfcf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31767 https://www.cve.org/CVERecord?id=CVE-2026-31767
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and this is also how the Windows driver does things. This should also fix a div-by-zero on some machines because the adjusted htotal ends up being so small that we end up with line_time_us==0 when trying to determine the vtotal value in command mode. Note that this doesn't actually make the display on the Huawei Matebook E work, but at least the kernel no longer explodes when the driver loads. (cherry picked from commit 0b475e91ecc2313207196c6d7fd5c53e1a878525)
Title		drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/33b5336e4fd8ba0e40a12989cadb3f5534a0f9e4 https://git.kernel.org/stable/c/4dfce79e098915d8e5fc2b9e1d980bc3251dd32c https://git.kernel.org/stable/c/55efe8402f46af8399c8b634a18b130a05fd7820 https://git.kernel.org/stable/c/86e926b108880c0109b8635e459450447156aeb7

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:57.287Z

Updated: 2026-05-01T14:14:57.287Z

Reserved: 2026-03-09T15:48:24.140Z

Link: CVE-2026-31767

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:39.870

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31767

Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31767 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T07:30:36Z

Weaknesses

CWE-369

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object