2910 matches found
CVE-2026-7639
CVE-2026-7639 describes a vulnerability where software running as a non-privileged user can trigger a sequence of improper GPU system calls that cause use-after-free in the driver, enabling unprivileged access to memory from shader code. The failure path in MMU mapping can prevent complete cleanu...
CVE-2026-34196 GPU DDK - UAF read and/or write of arbitrary physical memory due to integer truncation in PMRDevPhysAddrOSMem
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...
CVE-2026-53356
The CVE-2026-53356 entry concerns the Linux kernel DRM/I915 GEM code. The root cause is in sg_page() returning a struct page pointer instead of (void *) which mis-scales pread/pwrite for phys BO and can cause access to incorrect parts of a buffer when a non-zero offset is used. A fix was cherry-p...
EUVD-2026-40981
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix driver removal with disabled KMS DRM atomic and modesetting aren't initialized if virtio-gpu driver built with disabled KMS, leading to access of uninitialized data on driver removal/unbinding and crashing kernel...
CVE-2026-53330 drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dpgeteqauxrdinterval Why & How The auxrdinterval array in struct dclttprcaps is declared with MAXREPEATERCNT - 1 7 elements, indexed 0..6. However, the offset parameter passed to...
Linux Distros Unpatched Vulnerability : CVE-2026-52950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init befor...
Linux Distros Unpatched Vulnerability : CVE-2026-53201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert drm/xe: Skip exec queue schedule toggle if queue is idle during suspend This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip...
Linux Distros Unpatched Vulnerability : CVE-2026-53054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm: Fix VMBIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since NOSHARE objs share a common res...
Linux Distros Unpatched Vulnerability : CVE-2026-53141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but...
drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
...
DEBIAN-CVE-2026-53316
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...
CVE-2026-53293
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g. copytouser was called while holding the lock. Then we allocated memory...
EUVD-2026-39895
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-53139
A flaw was found in the Linux kernel's graphics driver for Broadcom V3D VideoCore V GPUs. This vulnerability occurs when a compute shader dispatch CSD is initiated with zero workgroup counts, which the hardware could misinterpret as a very large number. This misinterpretation could lead to...
CVE-2026-53140
A flaw was found in the Linux kernel's drm/v3d driver. This vulnerability occurs because a specific function, v3drewritecsdjobwgcountsfromindirect, does not correctly release virtual address mappings under certain conditions, specifically when workgroup counts are zero. This oversight results in ...
CVE-2026-53136
A flaw was found in the Linux kernel's AMD display driver. This vulnerability occurs when the driver processes malformed VBIOS Video Basic Input/Output System data. Specifically, unvalidated register counts in the VBIOS can lead to an out-of-bounds memory write during the driver's initialization...
CVE-2026-52976
A flaw was found in the Linux kernel. Specifically, within the drm/xe graphics driver, two error handling issues in the xeexecqueuecreateioctl function could lead to memory corruption. This could result in a dangling pointer or a use-after-free vulnerability. A local attacker could potentially...
CVE-2026-53140
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgro...
UBUNTU-CVE-2026-53139
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the...
CVE-2026-53201
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...