29 matches found
CVE-2026-43059
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmtpendingvalid, which not only validates the pending command but also unlinks it from...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Clearing FRSENT when re-adding requests into the pending list. The following warning was reported by lee bruce: ---------- Cut here ---------- WARNING: CPU: 0, PID: 8264, at fs/fuse/dev.c:300 fuserequestend+0x685/0x7e0,...
PT-2026-34416
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt add adv patterns monitor complete This fixes the condition checking so mgmt pending valid is executed whenever status != -ECANCELED otherwise calling mgmt pending freecmd would kfreec...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38117)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38117 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmtpending lis...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37951)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37951 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the...
EUVD-2025-34591
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmtpending being freed while still being processed like in the following trace, in order to fix mgmtpendingvalid is introduce and use to check...
drm/v3d: Add job to pending list if the reset was skipped
...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add a step to move a job to the pending list if the reset operation was skipped. When a CL/CSD job times out, we check whether the GPU has made any progress since the last timeout. If so, instead of resetting the hardwar...
SUSE CVE-2025-37951
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...
DEBIAN-CVE-2025-37951
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...
CVE-2025-37951
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...
UBUNTU-CVE-2025-37951
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the time...
CVE-2025-37951
CVE-2025-37951 affects the Linux kernel DRM/V3D path. When a CL/CSD job times out, if the GPU progressed, the kernel may skip the reset, keeping the job running; however, timedout_job() removes the job from the pending list, so it may not be freed, causing a memory leak. A patch adds the job back...
CVE-2025-37930
CVE-2025-37930 affects Linux kernels containing the drm/nouveau fix for WARN_ON in nouveau_fence_context_kill(). The issue arises because nouveau_fence_done() can signal fences, leaving signaled fences in the pending list, and a concurrent call to nouveau_fence_context_kill() could attempt to set...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a job not being added to the pending list when v3d skips a reset...
PT-2025-22212
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue has been identified in the Linux kernel. The problem occurs when a CL/CSD job times out, and the GPU has made progress since the last timeout. In such cases, the rese...
PT-2025-22191
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the Nouveau component. The issue arises when a fence is signaled through a means other than the expected nouveau...
DEBIAN-CVE-2024-50149
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the runjob thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list...
UBUNTU-CVE-2024-50149
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the runjob thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list...
CVE-2024-43863 drm/vmwgfx: Fix a deadlock in dma buf fence polling
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll-fence wait-fence unref deadlocks...