Memory Leak Affecting linux-qemu-6.12 package, versions <6.12.95-r0


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.12% (3rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CHAINGUARDLATEST-LINUXQEMU612-17891182
  • published8 Jul 2026
  • disclosed25 Jun 2026

Introduced: 25 Jun 2026

NewCVE-2026-53140  (opens in a new tab)
CWE-401  (opens in a new tab)

How to fix?

Upgrade Chainguard linux-qemu-6.12 to version 6.12.95-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream linux-qemu-6.12 package and not the linux-qemu-6.12 package as distributed by Chainguard. See How to fix? for Chainguard relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups

v3d_rewrite_csd_job_wg_counts_from_indirect() maps both the indirect buffer and the workgroup buffer and is expected to release them before returning. When any of the workgroup counts read from the buffer is zero, the function bailed out early and skipped the cleanup, leaking the vaddr mappings of both BOs.

Jump to the cleanup path instead of returning directly, so the mappings are always dropped.

CVSS Base Scores

version 3.1