CVE-2026-31488

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the amdgpu component where the mode changed flag is incorrectly reset to false during DSC (Display Stream Compression) validation when recomputing the configuration results in no timing change for a specific stream. This occurs in scenarios where a change in MST/DSC configuration happens in the same KMS commit as an unrelated mode change. Consequently, dm update crtc state() creates new streams for CRTCs with DSC-independent mode changes, but amdgpu dm commit streams() fails to release the old stream, leading to a memory leak. Additionally, amdgpu dm atomic commit tail() does not acquire a reference to the new stream, which results in a use-after-free condition when the stream is later disabled.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.