CVE Catalog

CVE-2026-53139

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the DRM V3D driver due to missing validation of zero workgroup counts in indirect CSD jobs. Submitting a dispatch with a zero count in any dimension is invalid and may cause unexpected hardware behavior.

Risk Assessment

The risk involves potential system crashes or unintended GPU behavior from invalid CSD jobs, possibly leading to denial of service (DoS).

Recommendation

Immediately update the Linux kernel to a version containing the fix that skips CSD jobs with zero workgroup counts, treating them as no-ops.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with a zero count in any of the three dimensions is invalid. First, the hardware will process 0 as 65536, while the user-space driver exposes a maximum of 65535. Over that, a submission with a zeroed workgroup dimension should be a no-op. These zeroed counts can reach the dispatch path through an indirect CSD job, whose workgroup counts are only known once the indirect buffer is read and may legitimately be zero, but such scenario should only result in a no-op. Overwrite the indirect CSD job workgroup counts with the indirect BO ones, even if they are zeroed, and don't submit the job to the hardware when any of the workgroup counts is zero, so the job completes immediately instead of running the shader.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS