CVE-2026-31784 - Vulnerability Details

- drm/xe/pxp: Clear restart flag in pxp_start after jumping back

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/pxp: Clear restart flag in pxp_start after jumping back

If we don't clear the flag we'll keep jumping back at the beginning of
the function once we reach the end.

(cherry picked from commit 0850ec7bb2459602351639dccf7a68a03c9d1ee0)

Published: 2026-05-01

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel’s DRM Xe driver, the function pxp_start fails to clear a restart flag after returning from a conditional jump. Consequently the function repeatedly jumps back to its beginning once it reaches the end, creating an infinite loop that can tie the GPU channel and stall GPU‑related operations. This loop does not directly allow code execution but can lead to a denial‑of‑service condition by preventing the driver from returning control to userspace or other kernel components.

Affected Systems

The flaw affects the Linux kernel wherever the drm/xe/pxp component is compiled and loaded. All builds that include the Xe DRM driver are potentially impacted; no specific kernel version is listed, so any deployment that has not applied the fix may be vulnerable.

Risk and Exploitability

Based on the description, it is inferred that the attack vector would be local privileged or already‑elevated users, since the flaw lies in a privileged kernel module. The EPSS score is < 1% and the vulnerability is not listed in CISA KEV, indicating no known active exploitation. Exploitation would require the ability to load or modify kernel modules locally. The CVSS score of 5.5 indicates a medium severity, but the attack would likely result in service disruption rather than privilege escalation or data compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2`	affected	< 9e962e68a9d26135af67c423767c0983d9ad94c3
`ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2`	affected	< 400ee45f80480c05c3fa673967f25faab8323753
`ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2`	affected	< 76903b2057c8677c2c006e87fede15f496555dc0

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2,9e962e68a9d26135af67c423767c0983d9ad94c3)`	affected	code_commit	—
`[ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2,400ee45f80480c05c3fa673967f25faab8323753)`	affected	code_commit	—
`[ccd3c6820a9024bcb68c249b644b5e42f0f7b9d2,76903b2057c8677c2c006e87fede15f496555dc0)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.17`	affected	generic	—
`[0,6.17)`	unaffected	generic	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update your Linux kernel to a version that includes commit 0850ec7bb2459602351639dccf7a68a03c9d1ee0
Reboot to apply changes and ensure the kernel module is reloaded
If immediate update is not possible, temporarily unload the drm_xe module or disable Xe DRM to prevent the infinite loop

Generated by OpenCVE AI on May 12, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/400ee45f80480c05c3fa673967f25faab8323753
https://git.kernel.org/stable/c/76903b2057c8677c2c006e87fede15f496555dc0
https://git.kernel.org/stable/c/9e962e68a9d26135af67c423767c0983d9ad94c3
https://lore.kernel.org/linux-cve-announce/2026050152-CVE-2026-31784-66d5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31784
https://www.cve.org/CVERecord?id=CVE-2026-31784

History

Tue, 12 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

Sat, 02 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-368

Sat, 02 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-835
References		https://lore.kernel.org/linux-cve-announce/2026050152-CVE-2026-31784-66d5@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31784 https://www.cve.org/CVERecord?id=CVE-2026-31784
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sat, 02 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-368

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp_start after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. (cherry picked from commit 0850ec7bb2459602351639dccf7a68a03c9d1ee0)
Title		drm/xe/pxp: Clear restart flag in pxp_start after jumping back
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/400ee45f80480c05c3fa673967f25faab8323753 https://git.kernel.org/stable/c/76903b2057c8677c2c006e87fede15f496555dc0 https://git.kernel.org/stable/c/9e962e68a9d26135af67c423767c0983d9ad94c3

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:15:09.945Z

Updated: 2026-05-11T22:15:44.809Z

Reserved: 2026-03-09T15:48:24.141Z

Link: CVE-2026-31784

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-01T15:16:41.923

Modified: 2026-05-12T15:09:18.907

Link: CVE-2026-31784

Redhat

Severity : Low

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31784 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T16:45:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object