CVE-2026-53290
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/xe/eustall: Fix drm_dev_put called before stream disable in close<br />
<br />
In xe_eu_stall_stream_close(), drm_dev_put() is called before the<br />
stream is disabled and its resources are freed. If this drops the<br />
last reference, the device structures could be freed while the<br />
subsequent cleanup code still accesses them, leading to a<br />
use-after-free.<br />
<br />
Fix this by moving drm_dev_put() after all device accesses are<br />
complete. This matches the ordering in xe_oa_release().<br />
<br />
(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH



