CVE-2026-53190
Analyzed Analyzed - Analysis Complete

DMA Fence Reference Leak in Linux Kernel

Vulnerability report for CVE-2026-53190, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-06

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() dma_fence_unwrap_for_each() internally calls dma_fence_unwrap_first() which does cursor->chain = dma_fence_get(head), taking an extra reference. On normal loop completion, dma_fence_unwrap_next() releases this via dma_fence_chain_walk() -> dma_fence_put(). When virtio_gpu_do_fence_wait() fails and the function returns early from inside the loop, the cursor->chain reference is never released. This is the only caller in the entire kernel that does an early return inside dma_fence_unwrap_for_each. Add dma_fence_put(itr.chain) before the early return.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-06
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.5 (inc) to 6.6.143 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a reference count leak in the Linux kernel's drm/virtio component related to dma_fence handling. Specifically, during the execution of the function virtio_gpu_dma_fence_wait(), an early return on error causes a reference to a dma_fence object to not be released properly. Normally, dma_fence_unwrap_for_each() manages reference counting correctly by acquiring and releasing references during its loop. However, when virtio_gpu_do_fence_wait() fails and returns early inside this loop, the reference count is not decremented, leading to a leak.

Impact Analysis

The impact of this vulnerability is a resource leak in the Linux kernel's graphics virtualization subsystem. The unreleased reference count can cause memory or resource exhaustion over time if the error condition triggering the early return occurs frequently. This may degrade system stability or performance, potentially leading to crashes or denial of service in environments relying on virtio GPU virtualization.

Mitigation Strategies

The vulnerability is fixed by adding a missing dma_fence_put call before an early return in the virtio_gpu_do_fence_wait function in the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

  • Check your current Linux kernel version.
  • Update the Linux kernel to the latest version provided by your distribution that contains the fix for this issue.
  • Reboot the system after the kernel update to apply the changes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53190. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart