CVE-2026-31571

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915: Unlink NV12 planes earlier<br /> <br /> unlink_nv12_plane() will clobber parts of the plane state<br /> potentially already set up by plane_atomic_check(), so we<br /> must make sure not to call the two in the wrong order.<br /> The problem happens when a plane previously selected as<br /> a Y plane is now configured as a normal plane by user space.<br /> plane_atomic_check() will first compute the proper plane<br /> state based on the userspace request, and unlink_nv12_plane()<br /> later clears some of the state.<br /> <br /> This used to work on account of unlink_nv12_plane() skipping<br /> the state clearing based on the plane visibility. But I removed<br /> that check, thinking it was an impossible situation. Now when<br /> that situation happens unlink_nv12_plane() will just WARN<br /> and proceed to clobber the state.<br /> <br /> Rather than reverting to the old way of doing things, I think<br /> it&amp;#39;s more clear if we unlink the NV12 planes before we even<br /> compute the new plane state.<br /> <br /> (cherry picked from commit 017ecd04985573eeeb0745fa2c23896fb22ee0cc)