2896 matches found
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...
CVE-2026-43104
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...
SUSE CVE-2026-31784
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxpstart after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. cherry picked from commit...
PT-2026-37577
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the amdgpu gem va ioctl function where the fence was selected too early and its reference was not managed correctly. This leads to refcount underflows and the use of...
PT-2026-37414
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the drm/vc4 component. When the vc4 save hang state function encounters an early return condition, it fails to free the previously allocated kernel state variable...
PT-2026-37471
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference occurs in the Linux kernel within the drm/amd/pm component. This issue is triggered during RAS Reliability, Availability, and Serviceability initialization whe...
PT-2026-37459
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer issue exists in the drm/amdgpu component. When the SDMA block is not enabled, buffer funcs fails to initialize, leading to a potential null pointer dereference...
PT-2026-37546
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the kfd event page set function. The function uses memset to write KFD SIGNAL EVENT LIMIT 8 bytes without verifying the buffer size parameter. This allow...
Linux Distros Unpatched Vulnerability : CVE-2026-31767
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command...
CVE-2026-31781
A flaw was found in the Linux kernel's Direct Rendering Manager DRM subsystem, specifically in the drm/ioc32 component. This vulnerability, related to speculative execution a technique used by modern processors to guess future instructions, allows a local attacker to potentially disclose sensitiv...
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...
CVE-2026-31785
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...
CVE-2026-31784 drm/xe/pxp: Clear restart flag in pxp_start after jumping back
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxpstart after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. cherry picked from commit...
CVE-2026-31781
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...
CVE-2026-31766
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
PT-2026-36416
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The drm compat ioctl path accepts a user-controlled pointer and dereferences it into a table of function pointers. This pattern is characteristic of Spectre problems, which are...
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
...
CVE-2026-31571
A flaw was found in the Linux kernel's drm/i915 component. A local user can exploit this by configuring a graphics plane, previously designated for Y-component data Y plane, as a standard plane. This incorrect configuration leads to a race condition where the unlinknv12plane function improperly...
CVE-2026-31547
A flaw was found in the Linux kernel's drm/xe component. A missing runtime power management PM reference in the ccsmodestore function could lead to a warning about missing outer runtime PM protection. This issue indicates improper resource management within the graphics driver, which may affect...
CVE-2026-31540
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check setdefaultsubmission before deferencing When the i915 driver firmware binaries are not present, the setdefaultsubmission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...