CVE Catalog

CVE-2026-53140

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability in the Linux kernel's DRM V3D driver causes a virtual address (vaddr) mapping leak when processing indirect CSD buffers. If the workgroup count read from the buffer is zero, the v3d_rewrite_csd_job_wg_counts_from_indirect() function exits early without releasing the mappings of both buffers.

Risk Assessment

The memory mapping leak can exhaust system resources, potentially leading to denial of service (DoS) or system instability.

Recommendation

Immediately update the Linux kernel to a version containing the fix that ensures cleanup of mappings even when the workgroup count is zero.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups v3d_rewrite_csd_job_wg_counts_from_indirect() maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgroup counts read from the buffer is zero, the function bailed out early and skipped the cleanup, leaking the vaddr mappings of both BOs. Jump to the cleanup path instead of returning directly, so the mappings are always dropped.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS