CVE-2026-52950

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/dma-buf: fix UAF with retry loop

Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init do the alloc for us. This should make the retry safe.

Reported by Sashiko.

v2: Fix up the error unwind (CI)

(cherry picked from commit 479669418253e0f27f8cf5db01a731352ea592e7)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxeb289a5f6cc668853f9b2ea6aca04afe58ed11c7 < 39fdac6be02eb7c3460518c1c4085f75f935c4ceaffected
LinuxLinuxeb289a5f6cc668853f9b2ea6aca04afe58ed11c7 < 827062952ed9bdf4220466c1f05ce452d04bdedfaffected
LinuxLinuxeb289a5f6cc668853f9b2ea6aca04afe58ed11c7 < 155a372a1cc50fa93387c5d3cdfd614a61e1afd1affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

ADP Enrichment

kernel: drm/xe/dma-buf: fix UAF with retry loop

Additional References

References