CVE & CISA-KEV Catalog

CVE-2026-53190

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() dma_fence_unwrap_for_each() internally calls dma_fence_unwrap_first() which does cursor->chain = dma_fence_get(head), taking an extra reference. On normal loop completion, dma_fence_unwrap_next() releases this via dma_fence_chain_walk() -> dma_fence_put(). When virtio_gpu_do_fence_wait() fails and the function returns early from inside the loop, the cursor->chain reference is never released. This is the only caller in the entire kernel that does an early return inside dma_fence_unwrap_for_each. Add dma_fence_put(itr.chain) before the early return.

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.94-1CVE-2026-53190
Fixed in:7.0.13-1CVE-2026-53190

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U

Exploit Intelligence

0.18%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Embed a live status badge for CVE-2026-53190
CVE-2026-53190 severity badge

Markdown

[![CVE-2026-53190](https://tridentstack.com/cve/badge/CVE-2026-53190.svg)](https://tridentstack.com/cve/CVE-2026-53190)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-53190"><img src="https://tridentstack.com/cve/badge/CVE-2026-53190.svg" alt="CVE-2026-53190"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.