55 matches found
CVE-2026-31766
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...
PT-2026-36401
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbell offset in user queue creation amdgpu userq get doorbell index passes the user-provided doorbell offset to amdgpu doorbell index on bar without bounds checking. An arbitrarily large doorbell offset ca...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm amdgpu driver not validating the doorbelloffset boundary in user queue creation, which could lead to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007244)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007244 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedrcreateuserqp error flow Avoid the following warning by making sure to free the...
SUSE CVE-2026-23034
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
CVE-2026-23034
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
CVE-2026-23034
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
CVE-2026-23034
CVE-2026-23034 concerns the Linux kernel’s drm/amdgpu/userq fence reference leak on queue teardown. The bug arose because userq->last_fence kept an extra dma_fence reference and was not released when the queue/driver was torn down, leaving objects in the amdgpu_userq_fence slab cache during mo...
CVE-2026-23034 drm/amdgpu/userq: Fix fence reference leak on queue teardown v2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
CVE-2026-23034
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
EUVD-2026-5060
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer holds an extra dmafence reference. When the queue is destroyed, we free...
Linux Distros Unpatched Vulnerability : CVE-2026-23034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq-lastfence. This pointer...
SUSE CVE-2023-54168
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in setusersqsize The ucmd-logsqbbcount variable is controlled by the user so this shift can wrap. Fix it by using checkshloverflow in the same way that it was done in commit 515f60004ed9 "RDMA/hn...
EUVD-2025-201867
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...
CVE-2025-40335
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...
CVE-2025-40335 drm/amdgpu: validate userq input args
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unverified user queue buffer virtual addresses and sizes...
CVE-2025-38603
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-38603
...
CVE-2025-38603
The connected Nessus entry provides concrete details for CVE-2025-38603: it affects the Linux kernel’s amdgpu driver, specifically a slab-use-after-free in amdgpu_userq_mgr_fini. The issue could occur when amdgpu_fpriv is freed in amdgpu_driver_postclose_kms() and later accessed in amdgpu_drm_rel...