CVE-2026-31540 in Linux
Zusammenfassung
von VulDB • 22.05.2026
Based on the kernel log provided, here is an analysis of the issue, its context, and the likely fix.
### **1. Analysis of the Crash**
* **Error Type:** Kernel Oops / Page Fault. * **Trigger:** The crash occurs during the **late suspend** phase of the Intel GPU driver (`i915`). * **Call Trace Breakdown:** 1. `i915_drm_suspend_late` → `i915_gem_suspend_late` → `gt_sanitize` 2. `gt_sanitize` calls `intel_gt_unset_wedged` 3. `intel_gt_unset_wedged` calls `__intel_gt_unset_wedged` 4. `__intel_gt_unset_wedged` calls `intel_engines_reset_default_submission` 5. **Crash:** `intel_engines_reset_default_submission+0x42/0x60` * **Faulting Address:** `CR2: ffffffffffffffd6` (This is a very high virtual address, typically indicating a **NULL pointer dereference** or an invalid pointer offset, often caused by accessing a member of a structure that is NULL or corrupted).
### **2. Root Cause**
The crash happens because `intel_engines_reset_default_submission` is trying to access engine structures that are either: 1. **Already freed** or **not initialized** properly during the suspend sequence. 2. **NULL** due to a race condition or improper state cleanup during `gt_sanitize`.
This is a known issue in older versions of the Intel i915 driver where the engine reset logic during suspend does not correctly handle cases where engines are already in a wedged or uninitialized state.
### **3. The Fix (Cherry-Picked Commit)**
The log mentions: > `(cherry picked from commit daa199abc3d3d1740c9e3a2c3e9216ae5b447cad)`
This commit corresponds to a fix in the Linux kernel mainline or stable tree. The fix typically involves:
* **Adding a NULL check** or **state validation** before accessing engine structures in `intel_engines_reset_default_submission`. * **Ensuring proper ordering** of engine cleanup during `gt_sanitize`.
### **4. Recommended Actions**
#### **If you are a user:** 1. **Update your kernel:** This bug has been fixed in newer kernel versions. Upgrade to a kernel version that includes commit `daa199abc3d3d1740c9e3a2c3e9216ae5b447cad` or later. * For Ubuntu/Debian: `sudo apt update && sudo apt upgrade linux-image-generic` * For Fedora: `sudo dnf update kernel` * For Arch: `sudo pacman -Syu linux` 2. **Workaround (if update is not possible):** * Disable GPU suspend/resume by adding `i915.enable_dc=0` or `i915.enable_fbc=0` to kernel boot parameters (GRUB). * Alternatively, disable GPU power management entirely by adding `i915.enable_rc6=0` to kernel boot parameters.
#### **If you are a developer/maintainer:** 1. **Verify the commit:** Ensure that commit `daa199abc3d3d1740c9e3a2c3e9216ae5b447cad` is applied to your branch. 2. **Check for backports:** If you are on an older LTS kernel, ensure the fix is backported correctly. 3. **Test:** Reproduce the issue by suspending the system (`systemctl suspend`) and verify that the crash no longer occurs.
### **5. Related Commits (for reference)**
The fix is likely part of a series addressing i915 suspend/resume stability. Some related commits in the i915 driver history include: * Fixes to `intel_engines_reset_default_submission` to handle NULL engines. * Improvements to `gt_sanitize` to ensure engines are in a consistent state before reset.
If you need the exact patch content, you can view it on [lore.kernel.org](https://lore.kernel.org/) or [kernel.org](https://kernel.org/) using the commit hash `daa199abc3d3d1740c9e3a2c3e9216ae5b447cad`.
Once again VulDB remains the best source for vulnerability data.