Skip to main content

Linux Kernel CVE-2026-53201

| EUVDEUVD-2026-39292 HIGH
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-xx7h-359j-qhv7
7.8
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local, low-privilege GPU workload access (AV:L/PR:L); AC:H because it needs Intel Xe hardware, LR/preempt-fence userptr mode, and an idle-during-suspend timing window; stale mappings yield high CIA.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 28, 2026 - 09:31 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.8 (HIGH)
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 25, 2026 - 09:16 cve.org
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend"

This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6.

The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the context switch that flushes TLB entries for invalidated userptr VMAs. In LR/preempt-fence VM mode, this can lead to missed TLB invalidation and page faults during userptr invalidation tests.

Restore unconditional schedule toggling on suspend so the context-switch TLB flush is always performed.

This optimization will be reintroduced with a fix that does not skip suspend in LR/preempt-fence VM mode.

(cherry picked from commit 6a1e7934d9a6cf46aecae00a99c2603d1295e170)

AnalysisAI

Local privilege/memory-integrity exposure in the Linux kernel's drm/xe Intel GPU driver stems from a missed TLB invalidation: a previously merged optimization that skipped GuC scheduler suspend toggling when an exec queue was idle has been reverted because it bypassed the context switch that flushes TLB entries for invalidated userptr VMAs. On Intel Xe GPUs running in long-running (LR)/preempt-fence VM mode, this leaves stale TLB mappings to invalidated user pointers, producing page faults and stale-memory access during userptr invalidation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local GPU-workload access on Intel Xe host
Delivery
Configure LR/preempt-fence VM with userptr VMAs
Exploit
Invalidate userptr pages while queue idle during suspend
Execution
Stale TLB entries skip flush
Persist
GPU accesses invalidated physical pages
Impact
Trigger page fault or stale-memory read/write

Vulnerability AssessmentAI

Exploitation Requires local access (CVSS PR:L, AV:L) on a system with an Intel Xe GPU using the drm/xe driver, and the workload must use userptr-backed VMAs in long-running (LR)/preempt-fence VM mode - this is the exact configuration named in the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are broadly consistent and point to a real but constrained local issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with permission to submit GPU workloads on an Intel Xe system configures a long-running/preempt-fence VM using userptr-backed buffers, then invalidates those user pages while the exec queue is idle and a suspend occurs, so the stale TLB entries are never flushed. The GPU continues to reference now-invalidated physical pages, enabling stale-memory reads/writes or triggering page faults that could be leveraged toward information disclosure or memory corruption. …
Remediation Apply the upstream stable fix, which is the revert restoring unconditional GuC schedule toggling on suspend: upgrade to a kernel containing commit b69b715f48ac7e802c89ed5924795c5b055da91e or fa7c84726dc217ce0c183926ef9411636c7a2213 (stable releases reported around Linux 7.0.13 / 7.1). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems with Intel Xe GPUs enabled and document their kernel versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53201 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy