Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/eustall: Fix drm_dev_put called before stream disable in close

In xe_eu_stall_stream_close(), drm_dev_put() is called before the
stream is disabled and its resources are freed. If this drops the
last reference, the device structures could be freed while the
subsequent cleanup code still accesses them, leading to a
use-after-free.

Fix this by moving drm_dev_put() after all device accesses are
complete. This matches the ordering in xe_oa_release().

(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in the Linux kernel DRM subsystem when closing an xe_eu_stall stream. During the close routine, drm_dev_put is called before the stream has been disabled and its resources released. If this drops the last reference to the device structure, the structure may be freed while later cleanup code still accesses it, which can lead to memory corruption or a kernel crash. This classic use‑after‑free issue (CWE‑416) can destabilize the system.

Affected Systems

The vulnerability affects any Linux kernel that contains the xe_eu_stall DRM driver prior to the commit that moves drm_dev_put after all device accesses are finished. The affected releases are therefore all kernel versions that have not incorporated the 35aff528f7297e949e5e19c9cd7fd748cf1cf21c change. No specific version range is listed, so hosts running a kernel without this patch are at risk.

Risk and Exploitability

No CVSS score is provided and the EPSS score is not available; the vulnerability is not listed in the CISA KEV catalog, indicating that no public exploit is known. Exploitation would require an attacker to trigger the close of an xe_eu_stall stream, which typically implies local privileged access or control of the DRM driver. The potential impact is denial‑of‑service or memory corruption, but no known exploits are documented.

Generated by OpenCVE AI on June 26, 2026 at 23:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that moves drm_dev_put after device cleanup, as identified in commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c.
  • Upgrade to a Linux kernel release that contains this patch.
  • If a kernel update cannot be performed immediately, disable Xe eustall support or unload the affected DRM module until the patch can be applied to avoid the use‑after‑free condition.

Generated by OpenCVE AI on June 26, 2026 at 23:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put called before stream disable in close In xe_eu_stall_stream_close(), drm_dev_put() is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures could be freed while the subsequent cleanup code still accesses them, leading to a use-after-free. Fix this by moving drm_dev_put() after all device accesses are complete. This matches the ordering in xe_oa_release(). (cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Title drm/xe/eustall: Fix drm_dev_put called before stream disable in close
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:50.073Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53290

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T23:15:08Z

Weaknesses