Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/eustall: Fix drm_dev_put called before stream disable in close

In xe_eu_stall_stream_close(), drm_dev_put() is called before the
stream is disabled and its resources are freed. If this drops the
last reference, the device structures could be freed while the
subsequent cleanup code still accesses them, leading to a
use-after-free.

Fix this by moving drm_dev_put() after all device accesses are
complete. This matches the ordering in xe_oa_release().

(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Published: 2026-06-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in the Linux kernel DRM subsystem when closing an xe_eu_stall stream. During the close routine, drm_dev_put is called before the stream has been disabled and its resources released. If this drops the last reference to the device structure, the structure may be freed while later cleanup code still accesses it, which can lead to memory corruption or a kernel crash. This classic use‑after‑free issue can destabilize the system.

Affected Systems

The vulnerability affects any Linux kernel that contains the xe_eu_stall DRM driver prior to the commit that moves drm_dev_put after all device accesses are finished. The affected releases are therefore all kernel versions that have not incorporated the 35aff528f7297e949e5e19c9cd7fd748cf1cf21c change. No specific version range is listed, so hosts running a kernel without this patch are at risk.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is <1%, so exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need to trigger a xe_eu_stall stream close, which typically requires local or privileged access to the DRM driver. The potential impact is memory corruption or a kernel crash, which could lead to denial‑of‑service, but no publicly known exploits exist.

Generated by OpenCVE AI on June 29, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that moves drm_dev_put after device cleanup, as identified in commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c.
  • Upgrade to a Linux kernel release that contains this patch.
  • If a kernel update cannot be performed immediately, disable Xe eustall support or unload the affected DRM module until the patch can be applied to avoid the use‑after‑free condition.

Generated by OpenCVE AI on June 29, 2026 at 15:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

threat_severity

Moderate


Sun, 28 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sun, 28 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 26 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put called before stream disable in close In xe_eu_stall_stream_close(), drm_dev_put() is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures could be freed while the subsequent cleanup code still accesses them, leading to a use-after-free. Fix this by moving drm_dev_put() after all device accesses are complete. This matches the ordering in xe_oa_release(). (cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Title drm/xe/eustall: Fix drm_dev_put called before stream disable in close
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:41:26.270Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53290

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53290 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T15:30:05Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference