139 matches found
EUVD-2025-201862
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xegemfault when running corehotunplug test. I saw an oops in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after corehotunpl...
CVE-2023-53844
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on swapout move error If moving the bo to system for swapout failed, we were leaking a resource. Fix...
CVE-2025-40339
The CVE-2025-40339 entry concerns the Linux kernel AMDGPU DRM path. Affected component: drm/amdgpu in the kernel; issue arises when an amdgpu_bo_va is fpriv->prt_va, causing the bo to be NULL and triggering a NULL-pointer scenario during vm_handle_moved. Root cause: nullptr error handling in v...
CVE-2023-53816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...
CVE-2023-53819 amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This is motivated by OOB access in amdgpuvmupdaterange when offsetinbo+mapsize overflows. v2: keep the validations in amdgpuvmbomap v3: add the validations to...
CVE-2023-53816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgdmem UAFs kgdmem pointers returned by kfdprocessdevicetranslatehandle are only guaranteed to be valid while p-mutex is held. As soon as the mutex is unlocked, another thread can free the BO...
PT-2025-49676
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/amdkfd subsystem that could lead to use-after-free UAF issues with kgd mem pointers. Specifically, pointers returned by the kfd process...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989514)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989514 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveauboinit is backed by ttmboinit and...
PT-2025-53015
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the Intel iGPU IVPU driver related to buffer object BO unbinding. Specifically, the issue occurs when ivpu gem bo free removes a BO from the list before it...
EUVD-2008-2311
Malware in sbrugna...
CVE-2022-50417
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrostgemcreatewithhandle previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a...
CVE-2023-53378 drm/i915/dpt: Treat the DPT BO as a framebuffer
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Treat the DPT BO as a framebuffer Currently i915gemobjectisframebuffer doesn't treat the BO containing the framebuffer's DPT as a framebuffer itself. This means eg. that the shrinker can evict the DPT BO while leavi...
CVE-2023-53378
Summary (CVE-2023-53378): A Linux kernel issue in the i915 driver where the DPT backing object (DPT BO) for a framebuffer was not treated as a framebuffer by i915_gem_object_is_framebuffer(). This allowed the shrinker to evict the DPT BO while the actual FB BO remained bound, potentially causing ...
Linux Distros Unpatched Vulnerability : CVE-2025-38672
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert drm/gem-dma: Use dmabuf from GEM object instance This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dmabuf field in struct drmgemobject is...
CVE-2025-38674
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dmabuf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field becomes NU...
CVE-2025-38672
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dmabuf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field becomes...
CVE-2025-38672 Revert "drm/gem-dma: Use dma_buf from GEM object instance"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dmabuf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field becomes...
CVE-2025-38669 Revert "drm/gem-shmem: Use dma_buf from GEM object instance"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dmabuf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field become...
CVE-2025-38669
CVE-2025-38669 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable across a GEM object’s lifetime, becoming NULL after the final GEM handle is released, leading to a NULL-pointer dereference. The vulnerability arose after a change to use dma_buf from the G...
Linux Distros Unpatched Vulnerability : CVE-2024-46866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state lik...