EUVD-2026-39281

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dmafence refcount leak on error in virtiogpudmafencewait dmafenceunwrapforeach internally calls dmafenceunwrapfirst which does cursor-chain = dmafencegethead, taking an extra reference. On normal loop completion,...

CVE-2026-53190

CVE-2026-53190 (in the Linux kernel, drm/virtio) fixes a refcount leak in virtio_gpu_dma_fence_wait. The bug occurred when virtio_gpu_do_fence_wait() returned early inside dma_fence_unwrap_for_each(), leaving cursor->chain unreleased. The fix adds a dma_fence_put(itr.chain) before the early re...

CVE-2026-53190

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dmafence refcount leak on error in virtiogpudmafencewait dmafenceunwrapforeach internally calls dmafenceunwrapfirst which does cursor-chain = dmafencegethead, taking an extra reference. On normal loop completion,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: Flush the current CPU’s ICache before flushing other CPUs. On SiFive Unmatched, I recently encountered the following bug during bootup: 0.000000 ftrace: allocating 36610 entries in 144 pages 0.000000 Oops – illegal...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Ensure that dma-fences comply with safe access rules. The xe mechanism can free some of the data pointed to by the dma-fences it exports. Notably, the “timeline name” can be freed if the user space closes the associated...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq-lastfence. This pointer retains an additional dmafence reference...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Ensure that lastfence is always updated. Update lastfence in the vm-bind path, rather than the kernel-managed path. lastfence is used to wait for work to complete in vmbind contexts, but not in kernel-managed contexts...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/vgem-fence: Fixed potential deadlock issues upon release. A timer that automatically releases a vgem fence after 10 seconds is now implemented. This is achieved by calling timerdeletesync from fence-ops.release, which is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the issue where the fence was put before waiting in amdgpuamdkfdsubmitib. The amdgpuamdkfdsubmitib function submits a GPU job and obtains a fence from amdgpuibschedule. This fence is used to wait for the job to...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Fixed a deadlock in DMA buffer fence polling. A new version of the fence operations was introduced, which, upon release, does not remove the fences from the pending list. This eliminates the need for a lock to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fix for dma-fence safe access rules Commit 506aa8b02a8d6 “dma-fence: Add safe access helpers and document the rules” details the dma-fence safe access rules. The most common issue is that...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dma-buf/syncfile: Do not leak fences during merge failures. Each call to addfence performs a dmafenceget operation on the relevant fence. In error-prone scenarios, we did not call dmafenceput, resulting in all those fences bei...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gt: Fixed a potential UAF issue by revoking the fence registers. CI has been sporadically reporting the following issue triggered by igt@i915selftest@live@hangcheck on ADL-P and similar machines: 414.049203 i915:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/sched: Fixed the leak caused by referencing the fence’s reference count. The lastscheduled fence leaks occurs when an entity is being terminated, and the cleanup callback fails. The reference count of prev was decremented...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpucs: fixed the reference count leak of a dmafence object. This issue occurs in an error path within amdgpucsfencetohandleioctl. When info-in.what falls under the default case, the function simply returns...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Refactored amdgpugemvaioctl to handle last fence updates and timeline management v4. This commit simplifies the amdgpugemvaioctl function by introducing the following key updates: - Moved the logic for managing the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fixed the memory leak caused by improper release of the user fence when dmafencechainalloc fails. When dmafencechainalloc fails, it is necessary to properly release the reference to the user fence to prevent a memory...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence()

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence()

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence()

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...