EUVD-2026-35124

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...

CVE-2026-46314

The CVE concerns the Linux kernel’s drm/v3d component where v3d_get_extensions() walks a userspace-provided list of ioctl extensions without bound on chain length. A crafted self-referential extension (ext->next == &ext) with zero in_sync_count and out_sync_count can bypass the duplicate-exten...