VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-31547

CVE-2026-31547

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix missing runtime PM reference in ccs_mode_store

ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_runtime_get_noresume(). That function requires the caller to already hold an outer runtime PM reference and warns if none is held:

[46.891177] xe 0000:03:00.0: [drm] Missing outer runtime PM protection [46.891178] WARNING: drivers/gpu/drm/xe/xe_pm.c:885 at xe_pm_runtime_get_noresume+0x8b/0xc0

Fix this by protecting xe_gt_reset() with the scope-based guard(xe_pm_runtime)(xe), which is the preferred form when the reference lifetime matches a single scope.

v2: - Use scope-based guard(xe_pm_runtime)(xe) (Shuicheng) - Update commit message accordingly

(cherry picked from commit 7937ea733f79b3f25e802a0c8360bf7423856f36)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing outer runtime PM reference in the Linux kernel's drm/xe driver causes a warning when writing to ccs_mode_store, fixed by adding a scope-based guard.

Vulnerability

CVE-2026-31547 is a bug in the Linux kernel's drm/xe driver, specifically in the ccs_mode_store() function. This function calls xe_gt_reset(), which internally invokes xe_pm_runtime_get_noresume(). The latter requires the caller to already hold an outer runtime PM reference; if none is held, a warning is triggered: [drm] Missing outer runtime PM protection [1][2].

Exploitation

The vulnerability is triggered by writing to the ccs_mode sysfs attribute, which invokes ccs_mode_store(). No special privileges beyond local access to the sysfs interface are required, but the attacker must be able to write to that file. The bug manifests as a kernel warning (WARN_ON) and a stack trace, but does not directly lead to memory corruption or privilege escalation.

Impact

The impact is limited to a kernel warning and potential denial of service if the warning floods logs or triggers further instability. The CVSS v3 score of 5.5 (Medium) reflects this local availability impact. No code execution or data compromise is described.

Mitigation

The fix has been applied in the Linux kernel stable tree via commit 65d046b2d8e0d6d855379a981869005fd6b6a41b [1] and also in commit c409ecce9adcf815e86bc2f68834982e5a9c4e76 [2]. The patch replaces the unprotected call with a scope-based guard(xe_pm_runtime)(xe) to ensure the outer PM reference is held. Users should update to a kernel version containing this fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.19.1,<6.19.10
    • cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.