CVE-2026-31656

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free and refcount underflow can occur in the drm/i915/gt component. This happens when the heartbeat worker and the intel engine park heartbeat() function race to release the same engine->heartbeat.systole request. The heartbeat worker reads the pointer and calls i915 request put() but clears the pointer in a non-atomic step. Simultaneously, a request retirement on another CPU can trigger engine park() and subsequently intel engine park heartbeat(). If the heartbeat timer is pending, cancel delayed work() returns true, and intel engine park heartbeat() may read a stale non-NULL pointer and call i915 request put() again, leading to the refcount underflow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.