{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53139", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.387Z", "datePublished": "2026-06-25T08:38:27.738Z", "dateUpdated": "2026-06-25T08:38:27.738Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-25T08:38:27.738Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Skip CSD when it has zeroed workgroups\n\nA compute shader dispatch encodes its workgroup counts in the CFG0..CFG2\nregisters. Kicking off a dispatch with a zero count in any of the three\ndimensions is invalid. First, the hardware will process 0 as 65536,\nwhile the user-space driver exposes a maximum of 65535. Over that, a\nsubmission with a zeroed workgroup dimension should be a no-op.\n\nThese zeroed counts can reach the dispatch path through an indirect CSD\njob, whose workgroup counts are only known once the indirect buffer is\nread and may legitimately be zero, but such scenario should only result in\na no-op.\n\nOverwrite the indirect CSD job workgroup counts with the indirect BO\nones, even if they are zeroed, and don't submit the job to the hardware\nwhen any of the workgroup counts is zero, so the job completes immediately\ninstead of running the shader."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/v3d/v3d_sched.c"], "versions": [{"version": "d223f98f02099b002903b9b22b56febae16ef80d", "lessThan": "9655b56b6de918e1c22b92f3880ae41b052cbd00", "status": "affected", "versionType": "git"}, {"version": "d223f98f02099b002903b9b22b56febae16ef80d", "lessThan": "11e6432836394e00d39e468cd514f9ddb66f1e49", "status": "affected", "versionType": "git"}, {"version": "d223f98f02099b002903b9b22b56febae16ef80d", "lessThan": "7f93fad5ea0affc9e1505dd0f7596c0fdb496213", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/v3d/v3d_sched.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9655b56b6de918e1c22b92f3880ae41b052cbd00"}, {"url": "https://git.kernel.org/stable/c/11e6432836394e00d39e468cd514f9ddb66f1e49"}, {"url": "https://git.kernel.org/stable/c/7f93fad5ea0affc9e1505dd0f7596c0fdb496213"}], "title": "drm/v3d: Skip CSD when it has zeroed workgroups", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: drm/v3d: Skip CSD when it has zeroed workgroups", "id": "2492716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492716"}, "csaw": false, "cwe": "CWE-1284", "details": ["A flaw was found in the Linux kernel's graphics driver for Broadcom V3D (VideoCore V) GPUs. This vulnerability occurs when a compute shader dispatch (CSD) is initiated with zero workgroup counts, which the hardware could misinterpret as a very large number. This misinterpretation could lead to unexpected system behavior or a denial of service (DoS), where the system becomes unresponsive or crashes."], "name": "CVE-2026-53139", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53139\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53139\nhttps://lore.kernel.org/linux-cve-announce/2026062543-CVE-2026-53139-2b50@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d223f98f02099b002903b9b22b56febae16ef80d,9655b56b6de918e1c22b92f3880ae41b052cbd00)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d223f98f02099b002903b9b22b56febae16ef80d,11e6432836394e00d39e468cd514f9ddb66f1e49)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d223f98f02099b002903b9b22b56febae16ef80d,7f93fad5ea0affc9e1505dd0f7596c0fdb496213)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.3)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.36,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.13,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-25T10:30:17.203963+00:00", "updated": "2026-06-26T15:45:02.982165+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}