2327 matches found
CVE-2026-31766
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
CVE-2026-31766
The CVE-2026-31766 issue affects the Linux kernel AMDGPU driver: amdgpu_userq_get_doorbell_index() passes user-supplied doorbell_offset to amdgpu_doorbell_index_on_bar() without proper bounds checking. An arbitrarily large doorbell_offset can drive the computed doorbell index outside the allocate...
EUVD-2026-26579
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
CVE-2026-31765
Summary: CVE-2026-31765 affects the Linux kernel AMDGPU driver. A mismatch between the reserved trap area (AMDGPU_VA_RESERVED_TRAP_SIZE) and the allocated KFD GPU memory on systems with 64KB pages can cause a kernel crash, including a NULL pointer dereference, when running certain GPU tests (e.g....
EUVD-2026-26578
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...
CVE-2026-31765
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...
CVE-2026-31765 drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mismatch between AMDGPUVARESERVEDTRAPSIZE and KFDCWSRTBATMASIZE in the drm amdgpu driver on 64K page...
PT-2026-36401
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell offset in user queue creation amdgpu userq get doorbell index passes the user-provided doorbell offset to amdgpu doorbell index on bar without bounds checking. An arbitrarily large doorbell offset ca...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm amdgpu driver not validating the doorbelloffset boundary in user queue creation, which could lead to...
drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
...
SUSE CVE-2026-31566
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...
Linux Distros Unpatched Vulnerability : CVE-2026-31566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used ...
CVE-2026-31566
A flaw was found in the Linux kernel's AMD GPU amdgpu driver. An issue in the amdgpuamdkfdsubmitib function allows a local user to trigger a use-after-free vulnerability. This occurs because a fence reference is incorrectly released before waiting for job completion, potentially freeing the memor...
DEBIAN-CVE-2026-31566
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...
CVE-2026-31566
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...
CVE-2026-31566
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...
CVE-2026-31566
CVE-2026-31566 concerns the Linux kernel amdgpu driver (amdgpu_amdkfd_submit_ib). The issue arises when a fence reference is dma_fence_put()’ed before dma_fence_wait() completes, which can free the fence prematurely and trigger a use-after-free during job completion. Publicly documented fixes sho...
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...
CVE-2026-31566
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...