Impact
An error in the Linux DRM driver for 3D graphics hardware causes the global performance monitor reference counter to be increased without a corresponding release on several execution paths. The SET_GLOBAL ioctl fails to release the reference on its error paths, the CLEAR_GLOBAL operation leaks both the find reference and the reference previously stashed by SET_GLOBAL, and destroying a perfmon that is the current global perfmon also leaks the reference. Over time these leaks can accumulate kernel references, leading to resource exhaustion that may degrade performance or cause a denial of service, but the flaw does not provide a direct route to code execution or privilege escalation.
Affected Systems
All Linux kernel builds that contain the buggy drm/v3d driver are affected; the issue persists until the patch that adds explicit reference releases is applied. The patch was merged in the latest kernel commit chain, and references to the commit identifiers are provided in the advisory. Users of older kernel releases that have not incorporated this commit should upgrade or apply the patch manually.
Risk and Exploitability
The vulnerability requires knowledge of the driver’s ioctl interface, so it can be inferred that an attacker must have local system access and sufficient privileges to invoke the driver. Because the flaw only leads to resource exhaustion, the immediate risk is moderate; active exploitation would require repeated failures or heavy load to force a denial of service, with a CVSS score of 5.5. The EPSS score is < 1%, and the CVE is not listed in CISA’s KEV catalog, indicating that no widespread exploitation is currently documented.
OpenCVE Enrichment