CVE-2026-46006

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

UBUNTU-CVE-2026-46006

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...

PT-2026-43873

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A 32-bit integer overflow exists in the nouveau gem pushbuf reloc apply function within the drm/nouveau component. The issue occurs during the validation of relocations where the additio...

UBUNTU-CVE-2026-43485

In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARNON in ACPI probes These WARNONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...

CVE-2026-43381

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nouveau: fixed a race condition related to ptr storage operations. When running many VK CTS tests in parallel against nouveau, every few hours, you might encounter a crash like this. BUG: Kernel NULL pointer dereferencing, addres...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007596 advisory. In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against...

RockyLinux 8 : kernel-rt (RLSA-2026:6572)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6572 advisory. kernel: nouveau: fix instmem race condition around ptr stores CVE-2024-26984 kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecoun...

Oracle Linux 8 : kernel (ELSA-2026-6571)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6571 advisory. - scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount CKI Backport Bot RHEL-150417 CVE-2026-23193 - nouveau: fix instmem race conditi...

CVE-2023-54263

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: init hpdirqlock for PIOR DP Fixes OOPS on boards with ANX9805 DP encoders...

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup

In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vgaswitcheroo: Avoid race condition in fbcon setup Protect vgaswitcherooclientfbset with console lock. Avoids OOB access in fbconremapall. Without holding the console lock the call races with switching outputs. VGA...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990139)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990139 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17tvgetldmodes In nv17tvgetldmodes, the...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau/nvif: Fixed a potential memory leak in nvifvmmctor. When the nvifvmmtype is invalid, an error will be returned directly, without freeing the arguments passed to nvifvmmctor. This could lead to a memory leak. This...

SUSE CVE-2022-50454

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveaugemprimeimportsgtable nouveauboinit is backed by ttmboinit and ferries its return code back to the caller. On failures, ttm will call nouveaubodelttm and free the memory.Thus, when...

SUSE CVE-2023-53263

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveauconnectorcreate We can't simply free the connector after calling drmconnectorinit on it. We need to clean up the drm side first. It might not fix all regressions fr...

UBUNTU-CVE-2023-53263

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveauconnectorcreate We can't simply free the connector after calling drmconnectorinit on it. We need to clean up the drm side first. It might not fix all regressions fr...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: The WARNON message in nouveaufencecontextkill has been fixed. Nouveau is designed in such a way that it is expected that fences are only signaled through nouveaufencesignal. However, at least in one other place,...

drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()

...

CVE-2024-50096

...

kernel: nouveau: lock the client object tree.

A flaw was found in the nouveau module in the Linux kernel. A missing resource lock can cause a race condition and trigger a general protection fault, resulting in a denial of service...