CVE-2026-31781 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up by calling array_index_nospec() on the index to the function pointer list.

PUBLISHED Reserved 2026-03-09 | Published 2026-05-01 | Updated 2026-05-01 | Assigner Linux

Product status

Default status

unaffected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before 46a60ee8956ef1975f00455f614761c7ecedc09d

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before 5bb398991f378ef74d90b14a6ea8b61ff96cc03a

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before d59c5d8539662d95887b4564f3f72ad38076a2d5

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before 489f2ef2b908898d01df697dc4fe1476674be640

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before 4a41c2b18fc05d30b718d2602cac339eae710b34

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before f0e441be08a2eab10b2d06fccfa267ee599dd6b3

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before 27ef84bba9b9d7b03418c60fbc6069ea0e87b13c

affected

505b5240329b922f21f91d5b5d1e535c805eca6d (git) before f8995c2df519f382525ca4bc90553ad2ec611067

affected

abc60edcfc87771ff244763d4d19c67766f5dd0f (git)

affected

a2a840d6dcae960c2dfdf3fcb1b759e1b7d90663 (git)

affected

00279b505289f7529d9be2e78915d0483ffbd314 (git)

affected

d04e6ea0cec9e7d6cba806508f657d2d0dc6cacf (git)

affected

7f3ebea19795eb38438cd3709fabf2afd53cf447 (git)

affected

Default status

affected

4.20

affected

Any version before 4.20

unaffected

5.10.253 (semver)

unaffected

5.15.203 (semver)

unaffected

6.1.168 (semver)

unaffected

6.6.134 (semver)

unaffected

6.12.81 (semver)

unaffected

6.18.22 (semver)

unaffected

6.19.12 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/46a60ee8956ef1975f00455f614761c7ecedc09d

git.kernel.org/...c/5bb398991f378ef74d90b14a6ea8b61ff96cc03a

git.kernel.org/...c/d59c5d8539662d95887b4564f3f72ad38076a2d5

git.kernel.org/...c/489f2ef2b908898d01df697dc4fe1476674be640

git.kernel.org/...c/4a41c2b18fc05d30b718d2602cac339eae710b34

git.kernel.org/...c/f0e441be08a2eab10b2d06fccfa267ee599dd6b3

git.kernel.org/...c/27ef84bba9b9d7b03418c60fbc6069ea0e87b13c

git.kernel.org/...c/f8995c2df519f382525ca4bc90553ad2ec611067

cve.org (CVE-2026-31781)

nvd.nist.gov (CVE-2026-31781)

Download JSON

help @ threatint.eu