Description
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in submit error path In error paths, we could unref the submit without calling drm_sched_entity_push_job(), so msm_job_free() will never get called. Since drm_sched_job_cleanup() will NULL out the s_fence, we can use that to detect this case. Patchwork: https://patchwork.freedesktop.org/patch/653584/
Product status
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before 5deab0fa6cfd0cd7def17598db15ceb84f950584
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before 201eba5c9652a900c0b248070263f9acd3735689
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before fe2695b2f63bd77e0e03bc0fc779164115bb4699
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before 0eaa495b3d5710e5ba72051d2e01bb28292c625c
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before 0dc817f852e5f8ec8501d19ef7dcc01affa181d0
0cf6c71d70d8aa39b8fd0e39c9009602a0e0d300 (git) before 5d319f75ccf7f0927425a7545aa1a22b3eedc189
3.12
Any version before 3.12
5.15.187 (semver)
6.1.144 (semver)
6.6.97 (semver)
6.12.37 (semver)
6.15.6 (semver)
6.16 (original_commit_for_fix)
References
lists.debian.org/debian-lts-announce/2025/10/msg00008.html
git.kernel.org/...c/5deab0fa6cfd0cd7def17598db15ceb84f950584
git.kernel.org/...c/201eba5c9652a900c0b248070263f9acd3735689
git.kernel.org/...c/fe2695b2f63bd77e0e03bc0fc779164115bb4699
git.kernel.org/...c/0eaa495b3d5710e5ba72051d2e01bb28292c625c
git.kernel.org/...c/0dc817f852e5f8ec8501d19ef7dcc01affa181d0
git.kernel.org/...c/5d319f75ccf7f0927425a7545aa1a22b3eedc189