Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Protection against bad data for the ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call, this causes a NULL pointer dereference in the caller. The vulnerability has been encountered on at lea...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: adreno: Fixed the issue where ifpcreglist was referenced even though it wasn’t declared. On platforms with an A7xx GPU that does not support IFPC, ifpcreglist is still referenced in a6xxpatchpwrupreglist, which causes...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed an access race in the gpu recovery process. A potential UAF Uninitialized Address Fault during GPU recovery was avoided due to a race between the sched timeout callback and the tdr work queue. The gpu recovery...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The oem i2c adapter is removed after the operation is completed. This fix addresses a bug where unbinding the GPU would leave the oem i2c adapter registered, resulting in a null pointer dereference when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the crash that occurred during bootup when the separategpudrm modparam was set. The drmgemforeachgpuvmbo call from lookupvma accesses drmgemobj.gpuva.list, which is not initialized when the DRM driver does not...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed the issue where mode1 reset caused crashes. If the HW scheduler hangs and mode1 reset is used to recover the GPU, the KFD signals the user space to abort the processes. After the process aborts, user queues...

Astra Linux – Vulnerability in Chromium

A stack buffer overflow in the GPU process in Google Chrome on Linux prior to version 88.0.4324.182 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a4xx: Fixed error handling in a4xxgpuinit. This code now returns 1 on error instead of a negative error. This leads to an “Oops” in the calling function. Another issue is that the check if ret != -ENODATA cannot be tru...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: The refcount leak in a6xxgpuinit has been fixed. The ofparsephandle function returns a node pointer with the refcount incremented. We should use ofnodeput on this pointer when we no longer need it. The a6xxgmuinit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fixed handling of partial GPU mapping of BOs. This commit fixes the bug in handling partial mapping of buffer objects to the GPU, which caused kernel warnings. Panthor did not handle correctly the case where the...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the GPU component of Google Chrome prior to version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15

A NULL pointer dereference vulnerability was discovered in the vmwgfx driver, located in the file vmwgfxexecbuf.c within the GPU component of the Linux kernel. The vulnerability affects device files such as '/dev/dri/renderD128' or 'Dxxx'. This flaw allows a local attacker with a user account on...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU. The runtime PM suspend callback does not know whether the IRQ handler is in progress on a different CPU core and therefore does not wait for it to finish. Dependi...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag Otherwise, after the GTT context is released, the GTT and gart space are freed. However, amdgputtmbackendunbind does not clear the gart page table entry; instead, it leaves a valid...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree. If virtiogpuobjectshmeminit fails e.g., due to fault injection, as happened in the bug report by syzbot, virtiogpuarrayputfree might be called with objs being NUL...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: The ioaw hook was defined as mmiowb. The commit fb24ea52f78e0d595852e states that “drivers: Explicit invocations of mmiowb were removed.” All occurrences of mmiowb in drivers were removed. However, it is noted that:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix null ptr access in adrenogpucleanup Fix the below kernel panic due to null pointer access: 18.504431 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 18.513464 Mem abort inf...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fixed a crash that occurs when the GPU is throttled immediately during boot. There is a small chance that the GPU might be already hot during boot. In that case, the call to ofdevfreqcoolingregister will immediately...

CVE-2026-22167

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

CVE-2026-22165

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...