2883 matches found
CVE-2026-53139
A flaw was found in the Linux kernel's graphics driver for Broadcom V3D VideoCore V GPUs. This vulnerability occurs when a compute shader dispatch CSD is initiated with zero workgroup counts, which the hardware could misinterpret as a very large number. This misinterpretation could lead to...
CVE-2026-53140
A flaw was found in the Linux kernel's drm/v3d driver. This vulnerability occurs because a specific function, v3drewritecsdjobwgcountsfromindirect, does not correctly release virtual address mappings under certain conditions, specifically when workgroup counts are zero. This oversight results in ...
CVE-2026-53136
A flaw was found in the Linux kernel's AMD display driver. This vulnerability occurs when the driver processes malformed VBIOS Video Basic Input/Output System data. Specifically, unvalidated register counts in the VBIOS can lead to an out-of-bounds memory write during the driver's initialization...
CVE-2026-52976
A flaw was found in the Linux kernel. Specifically, within the drm/xe graphics driver, two error handling issues in the xeexecqueuecreateioctl function could lead to memory corruption. This could result in a dangling pointer or a use-after-free vulnerability. A local attacker could potentially...
CVE-2026-53145
Technical details about CVE-2026-53145 are not publicly available in the provided documents. Monitor for updates from trusted sources.
CVE-2026-53139
The CVE-2026-53139 entry concerns the Linux kernel DRM/V3D path. A compute shader dispatch could receive zero counts in any workgroup dimension, which hardware would treat as 65536 while the driver reports a maximum of 65535; such zeroed counts could propagate through indirect CSD paths. The fix ...
EUVD-2026-38834
In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: The parameters of bo mapping operations need to be clarified. The parameters of amdgpuvmbomap/replacemap/clearingmappings should be verified in a single common place...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The commit pointer of the HVS FIFO is cleared once the operation is completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a wait for the previous commit that was...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereferencing of the timing generator Why & How Check whether the assigned timing generator is NULL before accessing its functions, to prevent NULL dereferencing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fixed an issue where the maxsubslices array-index-out-of-bounds access occurred. It appears that the commit bc3c5e0809ae “drm/i915/sseu: Do not try to store EU mask internally in UAPI format” exposed a potential...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fixed the potential use of OF nodes after their memory was freed. The foreachchildofnode helper function releases the reference it holds to each node while iterating over its children. The explicit ofnodeput call is...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup of FB if dpuformatpopulatelayout fails If dpuformatpopulatelayout fails, then FB is prepared, but not cleaned up. This results in the pincount being leaked from the GEM object, causing a crash during DRM file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Added the drmcrtccommitPut operation. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait on previous FIFO users before a commit” introduced a global state for the HVS, where each FIFO stores the current CRTC commit. This allow...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a bo leak in intelfbboframebufferinit. Added a unref to the error path to prevent the leakage of the bo reference. Returning 0 on success clarifies the success path. Cherry-picked from the commit...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure The xesyncentryparse function can allocate references such as syncobj, fence, chain fence“, or user fence before encountering later failure paths. Several of those...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a NULL pointer check for kzalloc Why & How Check the return pointer of kzalloc before using it...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the null pointer dereferencing issue for vega10HWmogr. Checked the return value and performed null pointer handling to avoid null pointer dereferencing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The code kfdprocessnotifierrelease flushes svmrangerestorework, which in turn calls svmrangelistlockandflushwork to flush...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fixed a use-after-free in error handling of nouveauconnectorcreate. We cannot simply free the connector after calling drmconnectorinit on it. We need to clean up the DRM-related aspects first. This may not fix a...