Description
In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Fix VM_BIND UNMAP locking

Wrong argument meant that the objs involved in UNMAP ops were not always
getting locked.

Since _NO_SHARE objs share a common resv with the VM (which is always
locked) this would only show up with non-_NO_SHARE BOs.

Patchwork: https://patchwork.freedesktop.org/patch/713898/
Published: 2026-06-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wrong argument handling in the Linux DRM/msm driver caused non-_NO_SHARE buffer objects to be unbound from the virtual memory map without acquiring the necessary lock. This race condition can allow concurrent access to shared resources, potentially corrupting kernel memory or causing a crash. The vulnerability occurs during UNMAP operations and threatens the integrity of the kernel’s graphics memory management.

Affected Systems

All Linux kernel releases lacking the vm_bind unmap locking fix are affected; the flaw is limited to the DRM/msm driver stack, so any distribution shipping a kernel version without the patch is vulnerable.

Risk and Exploitability

The issue is a race condition that requires privileged kernel context and concurrent unbinding of buffer objects. The CVSS score of 7.8 indicates high severity, and the EPSS score < 1% indicates that exploit probability is low. It is not listed in CISA KEV. Remote exploitation is unlikely, but a local privileged actor or compromised process could induce data corruption or cause a denial-of-service within the kernel.

Generated by OpenCVE AI on June 28, 2026 at 14:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel that contains the drm/msm vm_bind unmap locking fix.
  • If an immediate kernel upgrade is not possible, temporarily disable GPU acceleration or restrict usage of the drm/msm driver until the patch is applied.
  • For systems unable to upgrade or disable GPU workloads, continuously monitor the kernel logs for signs of GPU buffer corruption or crashes and apply the specific commit manually from the vendor’s git tree and rebuild the kernel.

Generated by OpenCVE AI on June 28, 2026 at 14:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix VM_BIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since _NO_SHARE objs share a common resv with the VM (which is always locked) this would only show up with non-_NO_SHARE BOs. Patchwork: https://patchwork.freedesktop.org/patch/713898/
Title drm/msm: Fix VM_BIND UNMAP locking
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:38:40.166Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53054

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53054 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:45:17Z

Weaknesses
  • CWE-413

    Improper Resource Locking