CVE-2026-31390 — Incomplete Cleanup in Linux

CWE-459 — Incomplete Cleanup6 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 94.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. (cherry picked from commit 29bd06faf727a4b76663e4be0f7d770e2d2a7965)

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linux293032eec4baa04374d62dd44de61e355296ad32 — c3aa7b837920c844d5ae0dd3dbaeb465a461de40+3

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-fpjr-hm8v-68cj: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() val↗2026-04-03

▶

OSV

CVE-2026-31390: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() valid↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: drm/xe: Fix memory leak in xe_vm_madvise_ioctl↗2026-04-03

▶

Debian

CVE-2026-31390: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-31390 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶