Skip to main content

Linux Kernel EUVDEUVD-2026-38922

| CVE-2026-53054 HIGH
2026-06-24 Linux GHSA-8263-r89r-w7g7
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local GPU device access needed (AV:L, PR:L); a race condition makes reliable exploitation timing-dependent (AC:H); memory corruption yields full kernel CIA impact (C:H/I:H/A:H).

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:59 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:29 cve.org
HIGH 7.8
CVE Published
Jun 24, 2026 - 16:29 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Fix VM_BIND UNMAP locking

Wrong argument meant that the objs involved in UNMAP ops were not always getting locked.

Since _NO_SHARE objs share a common resv with the VM (which is always locked) this would only show up with non-_NO_SHARE BOs.

Patchwork: https://patchwork.freedesktop.org/patch/713898/

AnalysisAI

Local memory-corruption in the Linux kernel's drm/msm (Qualcomm Adreno GPU) driver stems from a VM_BIND UNMAP locking bug where a wrong argument left the GPU buffer objects involved in UNMAP operations unlocked. A low-privileged local user with GPU/render access on systems using the msm driver can trigger races that, per the 7.8 CVSS vector (AV:L/AC:L/PR:L), yield high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local access with GPU render-node permissions
Delivery
Open msm DRM device and allocate non-_NO_SHARE buffer objects
Exploit
Issue VM_BIND UNMAP racing the unlocked path
Execution
Trigger reservation-object data race and memory corruption
Impact
Leak kernel memory or corrupt GPU state for escalation

Vulnerability AssessmentAI

Exploitation Exploitation requires local code execution on a system running the Linux kernel's drm/msm driver on Qualcomm Adreno GPU hardware, plus access to the DRM GPU device/render node to submit VM_BIND UNMAP operations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely consistent and point to a genuine but locally-scoped issue rather than an internet-facing emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with access to the GPU render node on a Qualcomm Adreno-based Linux system issues VM_BIND UNMAP operations against non-_NO_SHARE GEM buffer objects, racing the unlocked code path to corrupt GPU address-space state or leak kernel memory. Given AV:L/AC:L/PR:L, no remote access or user interaction is needed, but the attacker must already be able to run code on the device. …
Remediation Patch available per vendor advisory: upgrade to a Linux stable release containing the fix - the EUVD references patched targets including 6.18.33, 7.0.10, and 7.1, with the upstream stable commits at https://git.kernel.org/stable/c/206f812ef140727b75697111391ae320fd8aa652 , https://git.kernel.org/stable/c/d9ecf758270501b2e7a0bc1dd69a6f28f1ae3cae , and https://git.kernel.org/stable/c/85042c2cd970a6b0e686329387096fe19989ae62 ; the originating change is at https://patchwork.freedesktop.org/patch/713898/ . … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory Linux systems using msm driver and identify GPU-access users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38922 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy