503 matches found
drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
...
SUSE CVE-2025-68802
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations The exec and vmbind ioctl allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs can force an excessively large allocation,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002181)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002181 advisory. Integer overflow in drivers/gpu/drm/i915/i915gemexecbuffer.c in the i915 driver in the Direct Rendering Manager DRM subsystem in the Linux kernel through 3.8.3, as...
MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-646:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
CVE-2025-71076
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit numsyncs to prevent oversized allocations The OA open parameters did not validate numsyncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations. Add check to ensure...
CVE-2025-71083 drm/ttm: Avoid NULL pointer deref for evicted BOs
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted. When devcoredump tries to read the contents of all BOs for...
CVE-2025-68802
CVE-2025-68802 concerns the Linux kernel DRM XE path. The vulnerability stems from exec/vm_bind ioctls allowing an unbounded num_syncs value, enabling an excessively large allocation and warnings from the page allocator. The fix introduces DRM_XE_MAX_SYNCS (1024) and rejects requests exceeding th...
AZL-73415 CVE-2025-68757 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timerdeletesync from fence-ops.release called on last dmafenceput. In some scenarios, it can run...
PT-2026-27715
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s drm/xe/queue functionality where a missing finalization call during queue initialization can lead to invalid memory references. Specifically, if queue...
PT-2026-27731
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the DRM client modeset probe function. Specifically, the modes variable in drm client modeset probe may fail to allocate memory using kcalloc. If...
PT-2026-6121
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993099 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two...
UBUNTU-CVE-2022-50884
In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield to attempt copying a NULL pointer There are some struct drmdriver fields that are required by drivers since drmcopyfield attempts to copy them to user-space via DRMIOCTLVERSION. But it can be possible th...
CVE-2022-50884
In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield to attempt copying a NULL pointer There are some struct drmdriver fields that are required by drivers since drmcopyfield attempts to copy them to user-space via DRMIOCTLVERSION. But it can be possible th...
CVE-2022-50867
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...
CVE-2022-50847 drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: it6505: Initialize AUX channel in it6505i2cprobe During device boot, the HPD interrupt could be triggered before the DRM subsystem registers it6505 as a DRM bridge. In such cases, the driver tries to access AUX channe...
PT-2025-54083
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/TTM subsystem where a resource could be leaked during eviction errors, specifically those other than -EMULTIHOP. The issue was addressed by...
PT-2025-54120
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the DRM subsystem where the drm copy field function may attempt to copy a NULL pointer. This occurs when a driver has a bug and fails to set...
SUSE CVE-2023-54091
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the...
CVE-2023-54018
CVE-2023-54018 — Linux kernel : The vulnerability resides in drm/msm/hdmi where alloc_ordered_workqueue may return NULL. The code fails to check this return value, leading to NULL pointer dereferences in hdmi_hdcp.c and hdmi_hpd.c. Public docs (Linux kernel patch notes and vendor advisories such ...