Description
In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix global performance monitor reference counting

In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on
the perfmon it returns, but v3d_perfmon_set_global_ioctl() and
v3d_perfmon_delete() fail to release that reference on several paths:

1. v3d_perfmon_set_global_ioctl() leaks the reference on its error
paths.

2. CLEAR_GLOBAL leaks both the find reference and the reference
previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl
that configured it.

3. Destroying a perfmon that is the current global perfmon leaks the
reference stashed by the SET_GLOBAL ioctl.

Release each of these references explicitly.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An error in the Linux DRM driver for 3D graphics hardware causes the global performance monitor reference counter to be increased without a corresponding release on several execution paths. The SET_GLOBAL ioctl fails to release the reference on its error paths, the CLEAR_GLOBAL operation leaks both the find reference and the reference previously stashed by SET_GLOBAL, and destroying a perfmon that is the current global perfmon also leaks the reference. Over time these leaks can accumulate kernel references, leading to resource exhaustion that may degrade performance or cause a denial of service, but the flaw does not provide a direct route to code execution or privilege escalation.

Affected Systems

All Linux kernel builds that contain the buggy drm/v3d driver are affected; the issue persists until the patch that adds explicit reference releases is applied. The patch was merged in the latest kernel commit chain, and references to the commit identifiers are provided in the advisory. Users of older kernel releases that have not incorporated this commit should upgrade or apply the patch manually.

Risk and Exploitability

The vulnerability requires knowledge of the driver’s ioctl interface, so it can be inferred that an attacker must have local system access and sufficient privileges to invoke the driver. Because the flaw only leads to resource exhaustion, the immediate risk is moderate; active exploitation would require repeated failures or heavy load to force a denial of service, with a CVSS score of 5.5. The EPSS score is < 1%, and the CVE is not listed in CISA’s KEV catalog, indicating that no widespread exploitation is currently documented.

Generated by OpenCVE AI on June 30, 2026 at 01:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that adds explicit reference releases; the patch is available in the latest kernel source series and identified by the commit ID 6bf7e2affc6e62da7add393d7f352d4040f5bc27.
  • Reboot the system after updating the kernel so the kernel loads the corrected driver module.
  • Reload the drm/v3d driver module using modprobe -r drm/v3d && modprobe drm/v3d to clear any lingering references.

Generated by OpenCVE AI on June 30, 2026 at 01:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-414

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on the perfmon it returns, but v3d_perfmon_set_global_ioctl() and v3d_perfmon_delete() fail to release that reference on several paths: 1. v3d_perfmon_set_global_ioctl() leaks the reference on its error paths. 2. CLEAR_GLOBAL leaks both the find reference and the reference previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl that configured it. 3. Destroying a perfmon that is the current global perfmon leaks the reference stashed by the SET_GLOBAL ioctl. Release each of these references explicitly.
Title drm/v3d: Fix global performance monitor reference counting
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:29.283Z

Reserved: 2026-06-09T07:44:35.387Z

Link: CVE-2026-53141

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53141 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T01:30:05Z

Weaknesses