CVE-2026-53138

A flaw was found in the Linux kernel's AMD display drm/amd/display driver. A malformed VBIOS image can cause unbounded processing loops, leading to an out-of-bounds read. This could result in information disclosure or a system crash...

EUVD-2026-39343

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

EUVD-2026-39341

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

CVE-2026-53138

The CVE affects the Linux kernel’s drm/amd/display path. A malformed VBIOS image could cause unbounded iteration during probe due to for(;;) record-chain walks in bios_parser.c/bios_parser2.c, terminating only on a 0xFF sentinel or a zero record_size. In worst cases, this could loop hundreds of t...

CVE-2026-53136 drm/amd/display: Clamp VBIOS HDMI retimer register count to array size

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

CVE-2026-53136

The CVE pertains to the Linux kernel driver drm/amd/display. A malformed VBIOS can set HdmiRegNum/Hdmi6GRegNum to values up to 255, used as loop bounds when copying retimer I2C settings into fixed-size arrays, causing an out-of-bounds heap write during driver probe. The fix clamps each register c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fixed a memory leak in generatelfpdataptrs When size != 0 || ptrs-lvdsentries != 3, the program attempts to use free on ptrs. However, ptrs is not created by calling kzmalloc; instead, it is obtained through a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: hp-bioscfg: Fixed kernel panic in the GETINSTANCEID macro. The GETINSTANCEID macro caused a kernel panic when accessing sysfs attributes. 1. Off-by-one error: The loop condition used name without checking whether...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the “block” layer, do not call “rqqosops-donebio” if the bio data structure is not being tracked. The “rqqos” framework is only applied on request-based drivers. Therefore: 1 The “rqqosdonebio” function is not necessary for...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Add acpiputtable to prevent a memory leak. When the radeon driver reads BIOS information from the ACPI table in radeonacpivfctbios, it fails to call acpiputtable to release the ACPI memory after initialization...

Astra Linux – Vulnerability in Intel Microcode

Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before the BIOS version MR7 may allow a local attacker to potentially enable information disclosure through local access...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fixed an issue where the BIOS boundary checking was off by one. Bounds checking during the parsing of init scripts embedded in the BIOS prevents access to the last byte. This causes driver initialization to fail on...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – fw: scan offload prohibit all 6 GHz channels if no 6 GHz sband exists. We have certain policies via the BIOS that prevent the use of 6 GHz frequencies. In this case, the 6 GHz sband parameter will be set to NULL, ev...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Fixed a problem where the touchscreen function was not working properly on the Chuwi Hi8 when using the Windows BIOS. The handling of touchscreen operations for the Chuwi Hi8 is only necessary...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm: Clearing the clone request’s bio pointer when the last cloned bio is freed It has been observed that stale values of rq-bio can lead to double initialization of cloned bios in request-based device-mapper targets, resulting in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Allowing devdata==NULL in intelbiosencodersupportsdpdualmode. If we don’t have a VBT, or if the VBT did not declare the encoder, we won’t have the ‘devdata’ for that encoder. Instead of throwing an error, we should...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check BIOS images before they are used. BIOS images may fail to load, and null checks are added before they are used. This fix addresses 6 NULLRETURNS issues reported by Coverity...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: A memory leak has been fixed in ipcpciereadbioscfg. The ipcpciereadbioscfg function uses acpievaluatedsm to obtain the wwan power state configuration from the BIOS. However, it does not free the acpiobject after...

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...