CVE-2026-53141

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix global performance monitor reference counting

In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths:

  1. v3d_perfmon_set_global_ioctl() leaks the reference on its error paths.

  2. CLEAR_GLOBAL leaks both the find reference and the reference previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl that configured it.

  3. Destroying a perfmon that is the current global perfmon leaks the reference stashed by the SET_GLOBAL ioctl.

Release each of these references explicitly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc6eabbab359c156669e10d5dec3e71e80ff09bd2 < 3e1947573140a57119294f0bff39ee18d93f23e1affected
LinuxLinuxc6eabbab359c156669e10d5dec3e71e80ff09bd2 < ed2eaf3b7b1820b690e4b896d344e00027526a25affected
LinuxLinuxc6eabbab359c156669e10d5dec3e71e80ff09bd2 < 6bf7e2affc6e62da7add393d7f352d4040f5bc27affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References