Impact
A kernel function that configures GPU workgroups mistakenly returned early when encountering zero‑count workgroups, leaving virtual address mappings for the indirect and workgroup buffers in memory. The leaked addresses expose internal kernel memory layout, which could assist an attacker in crafting subsequent attacks or revealing confidential data. The vulnerability is limited to kernel internal state and does not allow direct code execution, but it provides attackers with valuable information about the address space.
Affected Systems
All Linux kernel installations that include the V3D DRM driver before the patch commits referenced in the advisory are vulnerable. The specific affected kernel versions are not enumerated in the advisory and must be determined by inspecting the kernel release that contains the unpatched function. Users of recent distributions that ship the V3D driver should verify whether the kernel includes the fixes applied in the commits linked in the advisory.
Risk and Exploitability
The CVSS score of 5.5, while the EPSS score of < 1% indicates a low probability of exploitation, so a quantitative risk assessment remains modest but non‑negligible. The advisory notes that the vulnerability is not listed in the CISA KEV catalog, indicating that no active exploitation is known. However, the information leak could be leveraged by an attacker with sufficient privileges to interact with the DRM subsystem. Existing kernels that allow user space to submit V3D jobs could reach the vulnerable code path, so the risk is functional but likely limited to privileged or compromised users.
OpenCVE Enrichment