HOMEVULNERABILITIESCVE-2026-31562
MEDIUM

CVE-2026-31562

Published: April 24, 2026· Updated: Apr 27, 2026

5.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register

The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind,

which uses dev_get_drvdata to retrieve the mtk_dsi struct, so this

structure needs to be stored inside the driver data before invoking it.

As drvdata is currently uninitialized it leads to a crash when

registering the DSI DRM encoder right after acquiring

the mode_config.idr_mutex, blocking all subsequent DRM operations.

Fixes the following crash during mediatek-drm probe (tested on Xiaomi

Smart Clock x04g):

Unable to handle kernel NULL pointer dereference at virtual address

0000000000000040

[...]

Modules linked in: mediatek_drm(+) drm_display_helper cec drm_client_lib

drm_dma_helper drm_kms_helper panel_simple

[...]

Call trace:

drm_mode_object_add+0x58/0x98 (P)

__drm_encoder_init+0x48/0x140

drm_encoder_init+0x6c/0xa0

drm_simple_encoder_init+0x20/0x34 [drm_kms_helper]

mtk_dsi_bind+0x34/0x13c [mediatek_drm]

component_bind_all+0x120/0x280

mtk_drm_bind+0x284/0x67c [mediatek_drm]

try_to_bring_up_aggregate_device+0x23c/0x320

__component_add+0xa4/0x198

component_add+0x14/0x20

mtk_dsi_host_attach+0x78/0x100 [mediatek_drm]

mipi_dsi_attach+0x2c/0x50

panel_simple_dsi_probe+0x4c/0x9c [panel_simple]

mipi_dsi_drv_probe+0x1c/0x28

really_probe+0xc0/0x3dc

__driver_probe_device+0x80/0x160

driver_probe_device+0x40/0x120

__device_attach_driver+0xbc/0x17c

bus_for_each_drv+0x88/0xf0

__device_attach+0x9c/0x1cc

device_initial_probe+0x54/0x60

bus_probe_device+0x34/0xa0

device_add+0x5b0/0x800

mipi_dsi_device_register_full+0xdc/0x16c

mipi_dsi_host_register+0xc4/0x17c

mtk_dsi_probe+0x10c/0x260 [mediatek_drm]

platform_probe+0x5c/0xa4

really_probe+0xc0/0x3dc

__driver_probe_device+0x80/0x160

driver_probe_device+0x40/0x120

__driver_attach+0xc8/0x1f8

bus_for_each_dev+0x7c/0xe0

driver_attach+0x24/0x30

bus_add_driver+0x11c/0x240

driver_register+0x68/0x130

__platform_register_drivers+0x64/0x160

mtk_drm_init+0x24/0x1000 [mediatek_drm]

do_one_initcall+0x60/0x1d0

do_init_module+0x54/0x240

load_module+0x1838/0x1dc0

init_module_from_file+0xd8/0xf0

__arm64_sys_finit_module+0x1b4/0x428

invoke_syscall.constprop.0+0x48/0xc8

do_el0_svc+0x3c/0xb8

el0_svc+0x34/0xe8

el0t_64_sync_handler+0xa0/0xe4

el0t_64_sync+0x198/0x19c

Code: 52800022 941004ab 2a0003f3 37f80040 (29005a80)

NVD Source

Technical Analysis

CVE-2026-31562 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 3 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-31562
CVSS Score5.5 / 10
SeverityMEDIUM
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedApr 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31562 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.