kernel: RDMA/umem: Fix double dma_buf_unpin in failure path

A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/gem-framebuffer: Use dmabuf from GEM object instance” has been reverted. This reversion is reflected in commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dmabuf field in the struct drmgemobject is not stable throughout th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fixed the issue where the dmabuf was not unpined in the error-prone preparefb function. Corrected the error handling in preparefb to prevent resource leaks when an error occurs...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fixed an issue where the CMA heap fault handler made a mistake in calculating the boundary. Until the VMDONTEXPAND flag was added in commit 1c1914d6e8c6 “dma-buf: heaps: Don’t track CMA dma-buf pages under RssFile...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free. References to i915requests may be trapped by the user space within a syncfile or dmabuf dma-resv and held indefinitely across different processes. To counte...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/gem-dma: Use dmabuf from GEM object instance’” This change is reflected in commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dmabuf field in the struct drmgemobject is not stable throughout the lifetime of the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fixed UAF in exportdmabuf Once we insert a file reference into the descriptor table, another thread may close that file. This is fine if all we’re doing is returning the descriptor to userland—it’s a race condition, b...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvmem: zynqmpnvmem: Fixed the buffer size in DMA and memcpy. The buffer size used in DMA allocation and memcpy is incorrect. This can lead to undersized DMA buffer accesses and potential memory corruption. Use the correct buff...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: udmabuf: Set the DMA mask for the udmabuf device v2 If the DMA mask is not set explicitly, the following warning occurs when the userspace attempts to access the dma-buf via the CPU, as reported by syzbot: WARNING: CPU: 1 PID:...

CVE-2026-46312

A flaw was found in the videobuf2 subsystem of the Linux kernel. The vb2dmasgmmap function did not correctly set Virtual Memory Area VMA flags, specifically VMDONTEXPAND and VMDONTDUMP. This oversight could lead to a kernel warning and system crash when mapping an imported Direct Memory Access DM...

CVE-2026-46312

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave differently. This avoids hitting WARNON!vma-vmflags & VMDONTEXPAND; in...

CVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmap

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave differently. This avoids hitting WARNON!vma-vmflags & VMDONTEXPAND; in...

PT-2026-47383

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the videobuf2 component of the Linux kernel where the vb2 dma sg mmap function fails to set the VM DONTEXPAND and VM DONTDUMP VMA flags. This inconsistency with vb2 dm...

CVE-2026-46224

A flaw was found in the Linux kernel's drm/xe driver. When a buffer object allocation fails within the xedmabufinitobj function, a pre-allocated storage buffer is not correctly released. This oversight can lead to a resource leak, potentially causing system instability or a denial of service DoS...

CVE-2026-46224

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...

CVE-2026-46201

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xegemprimeimport When xedmabufinitobj fails, the attachment from dmabufdynamicattach is not detached. Add dmabufdetach before returning the error. Note: we cannot use goto outerr here becaus...

CVE-2026-46201

CVE-2026-46201 affects the Linux kernel drm/xe: an error path in xe_gem_prime_import() leaks a dma_buf attachment when xe_dma_buf_init_obj() fails, because the attachment from dma_buf_dynamic_attach() is not detached. The fix explicitly detaches via dma_buf_detach() before returning an error, avo...

CVE-2026-46201 drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xegemprimeimport When xedmabufinitobj fails, the attachment from dmabufdynamicattach is not detached. Add dmabufdetach before returning the error. Note: we cannot use goto outerr here becaus...

PT-2026-44324

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the drm/xe component when the xe gem prime import function is called. Specifically, if the xe dma buf init obj function fails, the attachment created by dma buf...

CVE-2026-46007

In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic. Use the high-level DMA...