140 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and ...
Linux Distros Unpatched Vulnerability : CVE-2026-53139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with ...
CVE-2026-53139
A flaw was found in the Linux kernel's graphics driver for Broadcom V3D VideoCore V GPUs. This vulnerability occurs when a compute shader dispatch CSD is initiated with zero workgroup counts, which the hardware could misinterpret as a very large number. This misinterpretation could lead to...
EUVD-2026-39344
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the...
CVE-2026-53139
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the...
CVE-2026-53141
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...
UBUNTU-CVE-2026-53141
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...
CVE-2026-53141
The CVE-2026-53141 issue affects the Linux kernel DRM v3d global performance monitor reference counting. In SET_GLOBAL, v3d_perfmon_find() bumps the perfmon’s reference count, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths, causing leak...
EUVD-2026-39232
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...
CVE-2026-53141
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...
CVE-2026-53140
The CVE-2026-53140 issue affects the Linux kernel’s DRM v3d code. A vaddr leak occurred in v3d_rewrite_csd_job_wg_counts_from_indirect() when the indirect CSD workgroup counts read as zero, causing an early bailout that skipped releasing the vaddr mappings for both the indirect buffer and the wor...
CVE-2026-53140
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3drewritecsdjobwgcountsfromindirect maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgro...
CVE-2026-53139
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fixed the issue of null pointer dereferencing of the pointer perfmon. In the unlikely event that the pointer perfmon is null, the WARNON return path occurs after the pointer has already been dereferenced. This issue was...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add a step to move a job to the pending list if the reset operation was skipped. When a CL/CSD job times out, we check whether the GPU has made any progress since the last timeout. If so, instead of resetting the hardwar...
CVE-2026-46314
A flaw was found in the Linux kernel's drm/v3d component. A local user can exploit this vulnerability by crafting a self-referential multisync extension with zero synchronization counts. This bypasses existing guards, leading to an infinite loop within the kernel. The consequence is a Denial of...
CVE-2026-46314
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...
UBUNTU-CVE-2026-46314
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...
CVE-2026-46314
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...