469 matches found
CVE-2026-46217
A flaw was found in the Linux kernel, specifically within the AMD GPU Graphics Processing Unit driver component drm/amdgpu/vcn4. This vulnerability is caused by an integer overflow during a message bound check. An attacker could potentially exploit this flaw to cause system instability or a denia...
CVE-2026-46215
The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...
CVE-2026-46215
In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the changehandle function within the DRM mechanism. This vulnerability may le...
CVE-2026-45956
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...
CVE-2025-71305
drm/display/dpmst: Add protection against 0 vcpi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they can lead to a division by zero in downstream calls such as...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption due to too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight bridges...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is a bug. It reallocates the pointer passed during the first call, when the data is encoded as ascii85. To address...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/debugfs: fixed the memory leak when releasing files. When using singleopen to open a file, singlerelease should be called. Otherwise, the memory allocated with singleopen may be leaked...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fixed a null pointer dereferencing in nv17tvgethdmodes. In nv17tvgethdmodes, the return value of drmmodeduplicate is assigned to mode. This may lead to a null pointer dereferencing if drmmodeduplicate fails...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers. The kms paths maintain a persistent map that is active for reading and comparing the cursor buffer. These maps can conflict with each other in simple scenarios where: a buffer “a...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource during the swapout movement operation. If moving the buffer to the system for swapout failed, we were leaking a resource. This issue has been fixed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The pointer used to indicate that the HVS FIFO has been committed should be cleared after the operation is completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed another leak in the submit error path. The putunusedfd function does not free the unused file descriptor if we have already performed the fdinstall operation. Therefore, we also need to free the syncfile. Patch...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check for cstate. Since kzalloc may fail and return a NULL pointer, it would be better to check the cstate to avoid dereferencing the NULL pointer in drmatomichelpercrtcreset. Patch details:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Do not leak some plane state. Apparently, no one noticed that the mdp5 plane states are being leaked quite severely. This issue was addressed since we introduced the planestate-commit refcount mechanism a few years...