misc: fastrpc: fix use-after-free race in fastrpc_map_create

...

CVE-2026-53159

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...

CVE-2026-53158

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Fix for copy buffer page size For non-registered buffers, the fastrpc driver copies the buffer and passes it to the remote subsystem. There is a problem with the current implementation of page size calculation, ...

UBUNTU-CVE-2025-40036

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpcputargs copytouser failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987511)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987511 advisory. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput on failed usercopy If the copy back to userland fails for the...

FASTRPC_ATTR_KEEP_MAP Use-After-Free

A FASTRPCATTRKEEPMAP logic bug allows fastrpcinternalmunmapfd to concurrently free in-use mappings leading to a use-after-free condition...

DEBIAN-CVE-2022-48821

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput on failed usercopy If the copy back to userland fails for the FASTRPCIOCTLALLOCDMABUFF ioctl, we shouldn't assume that 'buf-dmabuf' is still valid. In fact, dmabuffd called fdinstall before, i.e...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue when handling IOCTL handlers in FastRPC...

PT-2024-5289 · Qualcomm · Qualcomm Embedded Platform Dsp Firmware

Name of the Vulnerable Software and Affected Versions: FastRPC affected versions not specified Qualcomm embedded platform DSP firmware affected versions not specified Description: The issue is related to memory corruption while processing an IOCTL handler in FastRPC. Additionally, there is a buff...

Qualcomm 组件 资源管理错误漏洞

The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides functionality to Qualcomm devices. A resource management error vulnerability exists in FastRPC, which stems from a missing null check that can be used after release. The following products and...