EUVD-2025-210081

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

PT-2026-47382

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm exec to take both locks i.e vm root bo and wptr obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr obj while a queue creation is ...

CVE-2026-46217

A flaw was found in the Linux kernel, specifically within the AMD GPU Graphics Processing Unit driver component drm/amdgpu/vcn4. This vulnerability is caused by an integer overflow during a message bound check. An attacker could potentially exploit this flaw to cause system instability or a denia...

CVE-2026-46215

The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...

CVE-2026-46215

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...

CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the changehandle function within the DRM mechanism. This vulnerability may le...

CVE-2026-45956

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...

CVE-2025-71305

drm/display/dpmst: Add protection against 0 vcpi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, when the fence has already been signaled. We have created a helper function to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they can lead to a division by zero in downstream calls such as...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption due to too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight bridges...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is a bug. It reallocates the pointer passed during the first call, when the data is encoded as ascii85. To address...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/debugfs: fixed the memory leak when releasing files. When using singleopen to open a file, singlerelease should be called. Otherwise, the memory allocated with singleopen may be leaked...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths maintain a persistent map that is active for reading and comparing the cursor buffer. These maps can conflict with each other in simple scenarios where: a buffer “a...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fixed a null pointer dereferencing in nv17tvgethdmodes. In nv17tvgethdmodes, the return value of drmmodeduplicate is assigned to mode. This may lead to a null pointer dereferencing if drmmodeduplicate fails...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The pointer used to indicate that the HVS FIFO has been committed should be cleared after the operation is completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a...