2896 matches found
CVE-2026-43287
In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...
CVE-2026-43320
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...
CVE-2026-43302
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...
CVE-2026-43320 drm/amd/display: Fix dsc eDP issue
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...
CVE-2026-43302
CVE-2026-43302 affects the Linux kernel with the drm/v3d DMA API debug path. A vulnerability was resolved by ensuring max_seg_size is set to the maximum, preventing debug_dma_map_sg() warnings about SG segment lengths (len=8290304, max=65536) when V3D rendering is used with CONFIG_DMA_API_DEBUG e...
PT-2026-38944
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/v3d component where the max seg size is not set when using V3D rendering with CONFIG DMA API DEBUG enabled. This causes the kernel to default to a 64K segment...
PT-2026-39061
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the drm/amdgpu component where the amdgpu userq signal ioctl function lacks proper upper bound checks on user inputs. Providing excessively large input values can lead t...
PT-2026-39030
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during GPU device cleanup when initialization fails due to an unsupported hardware block. In this scenario, IP blocks may have a NULL version pointer. T...
drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4
...
CVE-2026-43131
A flaw was found in the Linux kernel. When the System Management Unit SMU is disabled during Reliability, Availability, and Serviceability RAS initialization, a null pointer dereference occurs within the drm/amd/pm module. This issue can lead to a system crash, resulting in a Denial of Service Do...
EUVD-2026-27796
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...
EUVD-2026-27767
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfdeventpageset The kfdeventpageset function writes KFDSIGNALEVENTLIMIT 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of...
EUVD-2025-209682
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, bufferfuncs will not initialize, fix the null pointer issue if bufferfuncs not initialized...
CVE-2026-43195
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...
CVE-2026-43131
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...
CVE-2026-43206 drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfdeventpageset The kfdeventpageset function writes KFDSIGNALEVENTLIMIT 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of...
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...
CVE-2026-43104
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...
SUSE CVE-2026-31784
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxpstart after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. cherry picked from commit...
PT-2026-37577
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the amdgpu gem va ioctl function where the fence was selected too early and its reference was not managed correctly. This leads to refcount underflows and the use of...