Description
In the Linux kernel, the following vulnerability has been resolved:

drm/ioc32: stop speculation on the drm_compat_ioctl path

The drm compat ioctl path takes a user controlled pointer, and then
dereferences it into a table of function pointers, the signature method
of spectre problems. Fix this up by calling array_index_nospec() on the
index to the function pointer list.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel's drm/ioc32 compatibility ioctl path allows a user‑controlled pointer to be speculatively dereferenced into a table of function pointers, creating a Spectre‑type side‑channel that could potentially expose sensitive kernel data, an effect inferred from Spectre‑style vulnerabilities but not explicitly confirmed by the CVE description.

Affected Systems

All Linux kernels that include the drm/ioc32 component and predates the commit adding array_index_nospec are affected, regardless of distribution; the vulnerability affects any vendor that delivers the vanilla Linux kernel with DRM compatibility enabled.

Risk and Exploitability

With a CVSS score of 5.5 the issue is classified as medium risk, but an EPSS score of <1 % and its absence from the CISA KEV catalog suggest a low probability of exploitation; attackers would need to manipulate speculative execution via the DRM ioctl interface, a complex local‑user vector that could potentially leak privileged data, an effect inferred but not confirmed.

Generated by OpenCVE AI on May 11, 2026 at 23:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the array_index_nospec patch, which mitigates the Spectre‑style speculation flaw and addresses CWE‑515.
  • Restrict privileged access to DRM ioctl interfaces by adjusting device permissions; disabling the DRM compatibility layer is not recommended without impact assessment.
  • Maintain a routine of checking vendor release notes and applying kernel updates as they become available, adding this verification to your patch‑management process to ensure future mitigations are received.

Generated by OpenCVE AI on May 11, 2026 at 23:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Mon, 11 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:4.20:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 02 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Sat, 02 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-515
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Sat, 02 May 2026 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up by calling array_index_nospec() on the index to the function pointer list.
Title drm/ioc32: stop speculation on the drm_compat_ioctl path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:05:56.217Z

Reserved: 2026-03-09T15:48:24.141Z

Link: CVE-2026-31781

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:41.577

Modified: 2026-05-11T20:51:42.783

Link: CVE-2026-31781

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31781 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses