CVE-2026-53141

EUVD-2026-39232

25.06.2026, 09:16

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix global performance monitor reference counting

In the SET_GLOBAL ioctl, v3d_perfmon_find() bumps the reference count on
the perfmon it returns, but v3d_perfmon_set_global_ioctl() and
v3d_perfmon_delete() fail to release that reference on several paths:

  1. v3d_perfmon_set_global_ioctl() leaks the reference on its error
     paths.

  2. CLEAR_GLOBAL leaks both the find reference and the reference
     previously stashed in v3d->global_perfmon by the SET_GLOBAL ioctl
     that configured it.

  3. Destroying a perfmon that is the current global perfmon leaks the
     reference stashed by the SET_GLOBAL ioctl.

Release each of these references explicitly.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	vulnerable
sid	7.0.13-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.94-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen und weitere, nicht näher spezifizierte Auswirkungen zu erzielen.
Published: 2026-06-24T22:00:00+00:00

References

https://git.kernel.org/stable/c/3e1947573140a57119294f0bff39ee18d93f23e1

https://git.kernel.org/stable/c/6bf7e2affc6e62da7add393d7f352d4040f5bc27

https://git.kernel.org/stable/c/ed2eaf3b7b1820b690e4b896d344e00027526a25