← All CVEs

CVE-2026-52987

HIGH 7.8

Published 2026-06-24 · Last modified 2026-06-30

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drm_exec_fini() in userq validate When new_addition is true, amdgpu_userq_vm_validate() calls drm_exec_fini(&exec) before iterating over the collected HMM ranges and calling amdgpu_ttm_tt_get_user_pages(). If amdgpu_ttm_tt_get_user_pages() fails in that path, the code jumps to unlock_all and calls drm_exec_fini(&exec) a second time on the same exec object. drm_exec_fini() is not idempotent: it frees exec->objects and may also drop exec->contended and finalize the ww acquire context. Route that error path directly to the range cleanup once exec has already been finalized. Issue found using a prototype static analysis tool and confirmed by code review. (cherry picked from commit 2802952e4a07306da6ebe813ff1acacc5691851a)

ELEVATED IMPACT

Severe if exploited (CVSS 7.8), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 3rd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7.8CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Linux Red Hat

Products Linux Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9

Weakness (CWE)

  • CWE-1341

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sources: NVD · CVE.org · EPSS