CVE-2026-53141 PUBLISHED

drm/v3d: Fix global performance monitor reference counting

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix global performance monitor reference counting

In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths:

  1. v3d_perfmon_set_global_ioctl() leaks the reference on its error paths.

  2. CLEAR_GLOBAL leaks both the find reference and the reference previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl that configured it.

  3. Destroying a perfmon that is the current global perfmon leaks the reference stashed by the SET_GLOBAL ioctl.

Release each of these references explicitly.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from c6eabbab359c156669e10d5dec3e71e80ff09bd2 to 3e1947573140a57119294f0bff39ee18d93f23e1 (excl.)
  • affected from c6eabbab359c156669e10d5dec3e71e80ff09bd2 to ed2eaf3b7b1820b690e4b896d344e00027526a25 (excl.)
  • affected from c6eabbab359c156669e10d5dec3e71e80ff09bd2 to 6bf7e2affc6e62da7add393d7f352d4040f5bc27 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.14 is affected
  • unaffected from 0 to 6.14 (excl.)
  • unaffected from 6.18.36 to 6.18.* (incl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References