473 matches found
SUSE CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...
EUVD-2025-210081
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...
PT-2026-47382
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm exec to take both locks i.e vm root bo and wptr obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr obj while a queue creation is ...
CVE-2026-46217
A flaw was found in the Linux kernel, specifically within the AMD GPU Graphics Processing Unit driver component drm/amdgpu/vcn4. This vulnerability is caused by an integer overflow during a message bound check. An attacker could potentially exploit this flaw to cause system instability or a denia...
CVE-2026-46215
The CVE concerns a race condition in the Linux kernel’s DRM change_handle path. A concurrent gem_close could remove one handle while another remained dangling, enabling a use-after-free. The fix uses the same sequence as gem_close: first replace the old handle with NULL via idr_replace, then, if ...
CVE-2026-46215
In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...
CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the changehandle function within the DRM mechanism. This vulnerability may le...
CVE-2026-45956
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct vidicontext pointer. However, drmdev-dev is the exynos-drm master device, an...
CVE-2025-71305
drm/display/dpmst: Add protection against 0 vcpi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed a use-after-free issue during validation. The nodes stored in the validation duplicate hashtable originate from an arena allocator, which is cleared at the end of vmwexecbufprocess. All nodes are expected to be...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed the null check for pipectx-planestate in resourcebuildscalingparams. A null pointer dereference issue could occur when pipectx-planestate is null. The fix adds a check to ensure that ‘pipectx-planestate’ is...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, when the fence has already been signaled. We have created a helper function to...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption due to too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight bridges...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they can lead to a division by zero in downstream calls such as...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is a bug. It reallocates the pointer passed during the first call, when the data is encoded as ascii85. To address...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/debugfs: fixed the memory leak when releasing files. When using singleopen to open a file, singlerelease should be called. Otherwise, the memory allocated with singleopen may be leaked...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fixed a null pointer dereferencing in nv17tvgethdmodes. In nv17tvgethdmodes, the return value of drmmodeduplicate is assigned to mode. This may lead to a null pointer dereferencing if drmmodeduplicate fails...