CVE-2026-53141
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix global performance monitor reference counting
In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths:
v3d_perfmon_set_global_ioctl() leaks the reference on its error paths.
CLEAR_GLOBAL leaks both the find reference and the reference previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl that configured it.
Destroying a perfmon that is the current global perfmon leaks the reference stashed by the SET_GLOBAL ioctl.
Release each of these references explicitly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c6eabbab359c156669e10d5dec3e71e80ff09bd2 < 3e1947573140a57119294f0bff39ee18d93f23e1 | affected |
| Linux | Linux | c6eabbab359c156669e10d5dec3e71e80ff09bd2 < ed2eaf3b7b1820b690e4b896d344e00027526a25 | affected |
| Linux | Linux | c6eabbab359c156669e10d5dec3e71e80ff09bd2 < 6bf7e2affc6e62da7add393d7f352d4040f5bc27 | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 6.18.36 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.13 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/3e1947573140a57119294f0bff39ee18d93f23e1
- https://git.kernel.org/stable/c/ed2eaf3b7b1820b690e4b896d344e00027526a25
- https://git.kernel.org/stable/c/6bf7e2affc6e62da7add393d7f352d4040f5bc27
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.