336122 matches found
CVE-2026-46312
In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave differently. This avoids hitting WARNON!vma-vmflags & VMDONTEXPAND; in...
CVE-2026-46312
The CVE-2026-46312 vulnerability in the Linux kernel concerns media: videobuf2. A fix was applied to vb2_dma_sg_mmap to set VMA flags (VM_DONTEXPAND/VM_DONTDUMP) so that vb2_dma_sg behaves consistently with vb2_dma_contig. This change prevents a WARN_ON in drm_gem_mmap_obj() during mmap() of an i...
CVE-2026-46311
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
CVE-2026-46311
The CVE-2026-46311 entry documents a Linux kernel kernel graphics subsystem issue in drm/amdgpu/userq where an access to a stale wptr mapping could occur during queue creation, potentially leading to improper unmapping of wptr_obj. The root cause is improper synchronization when accessing the map...
CVE-2026-46311
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
EUVD-2026-35121
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
EUVD-2026-35120
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...
CVE-2026-46310
The vulnerability CVE-2026-46310 affects Linux kernel media: renesas vsp1, where unloading the gen 4 module could dereference NULL due to cleanup calling vsp1_drm_cleanup() instead of vsp1_vspx_cleanup(). The root cause is an IP version check omission during cleanup, which could trigger a NULL po...
CVE-2026-46310
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...
CVE-2026-46310 media: renesas: vsp1: Fix NULL pointer deref on module unload
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...
CVE-2026-46310
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...
CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...
CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...
CVE-2026-46309 drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...
CVE-2026-46309
CVE-2026-46309 concerns the Linux kernel’s DRM-XE UAPI path. The issue arises from missing validation in xe_vm_madvise_ioctl(): it could reject PAT indices with the XE_COH_NONE coherency mode when applied to CPU cached memory. If coh_none is used with CPU cached buffers, the clear operation may s...
CVE-2026-46308
In the Linux kernel, a use-after-free was fixed in mediatek’s scpsys_get_bus_protection_legacy by moving of_node_put(node) after the error check, preventing use of a freed device node when syscon_regmap_lookup_by_phandle() errors. Affected: Linux kernel code path; vulnerability details and risk a...
CVE-2026-46308
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy In scpsysgetbusprotectionlegacy, offindnodewithproperty returns a device node with its reference count incremented. The function then calls ofnodeputnode befo...
CVE-2026-46308 pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy In scpsysgetbusprotectionlegacy, offindnodewithproperty returns a device node with its reference count incremented. The function then calls ofnodeputnode befo...
CVE-2026-46308
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy In scpsysgetbusprotectionlegacy, offindnodewithproperty returns a device node with its reference count incremented. The function then calls ofnodeputnode befo...