PT-2026-47382

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm exec to take both locks i.e vm root bo and wptr obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr obj while a queue creation is ...

CVE-2026-46245

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dclink NULL handling in HPD init amdgpudmhpdinit may see connectors without a valid dclink. The code already checks dclink for the polling decision, but later unconditionally dereferences it when setting up H...

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

CVE-2026-46217

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885...

CVE-2026-45947

A flaw was found in the Linux kernel's AMD GPU display drm/amdgpu component. This vulnerability involves a memory leak within the amdgpuacpienumeratexcc function. When certain errors occur during the initialization process, the system fails to properly release allocated memory. This oversight can...

CVE-2026-45853

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpugmcgetnpsmemranges amdgpudiscoverygetnpsinfo internally allocates memory for ranges using kvcalloc, which may use vmalloc for large allocation. Using kfree to release vmalloc memor...

CVE-2026-45979

drm/amdgpu: clean up the amdgpucsparserbos...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag Otherwise, after the GTT context is released, the GTT and gart space are freed. However, amdgputtmbackendunbind does not clear the gart page table entry, leaving a valid mapping...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validated user queue size constraints. Added validation to ensure that user queue sizes meet hardware requirements: - The size must be a power of two for efficient ring buffer wrapping. - The size must be at least...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Protection against bad data for the ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call, this causes a NULL pointer dereference in the caller. The vulnerability has been encountered on at lea...

drm/amdgpu: add upper bound check on user inputs in wait ioctl

...

SUSE CVE-2026-43195

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...

CVE-2026-43369

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...

CVE-2026-43369 drm/amd: Fix NULL pointer dereference in device cleanup

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls...

CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

PT-2026-39060

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the amdgpu userq wait ioctl function. The issue occurs when the ioctl is aborted because the output array is too small, failing to drop references to the synco...

drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4

...

CVE-2026-43195

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...

CVE-2026-43195

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...