Description
In the Linux kernel, the following vulnerability has been resolved:

drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure

Apply the same fix as b2ed01e7ad ("drm/ttm: Fix ttm_bo_swapout()
infinite LRU walk on swapout failure") to the ttm_bo_shrink() path.

Move del_bulk_move from before the backup to after success only,
using ttm_resource_del_bulk_move_unevictable() since the resource
is now unevictable once fully backed up.
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s DRM/TTM graphics memory manager contains a flaw where a backup failure triggers an infinite walk of the least‑recently‑used list. This causes the kernel to lock up CPU cycles, resulting in a denial‑of‑service as the system becomes sluggish or unresponsive. The weakness arises from improper resource cleanup on backup failure and can be mapped to CWE‑665.

Affected Systems

All Linux kernel releases that have not incorporated the change introduced by commit b2ed01e7ad are affected. The patch addresses DRM/TTM, a core kernel subsystem, so any distribution shipping an affected kernel build is vulnerable. No specific vendor or version list is provided.

Risk and Exploitability

No CVSS score is published and EPSS is unavailable, making precise risk measurement difficult. The flaw is not listed in CISA KEV, indicating no publicly known exploits. Based on the description, it is inferred that exploitation would require local or elevated privileges to induce a backup failure, so remote exploitation is unlikely. Nonetheless, the DoS impact could be severe for systems that rely on continuous GPU or graphics performance, treating this as a high‑severity local DoS threat.

Generated by OpenCVE AI on June 24, 2026 at 20:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes commit b2ed01e7ad, which relocates the del_bulk_move operation to after successful backup and uses ttm_resource_del_bulk_move_unevictable().
  • If an upgrade is not feasible, apply an equivalent source patch to the kernel: move the del_bulk_move call inside ttm_bo_shrink() to execute after a successful backup and replace it with ttm_resource_del_bulk_move_unevictable() to eliminate the infinite walk.
  • As an interim measure, restrict or disable the DRM/TTM subsystem for processes or users that do not require graphics driver functionality, thereby reducing the attack surface; alternatively, monitor kernel logs for repeated backup failures and restart affected services.

Generated by OpenCVE AI on June 24, 2026 at 20:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad ("drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure") to the ttm_bo_shrink() path. Move del_bulk_move from before the backup to after success only, using ttm_resource_del_bulk_move_unevictable() since the resource is now unevictable once fully backed up.
Title drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:32.684Z

Reserved: 2026-06-09T07:44:35.371Z

Link: CVE-2026-52949

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:30:04Z

Weaknesses