PatchSiren

CVE-2026-53139 Linux CVE debrief

CVE-2026-53139 is a vulnerability in the Linux kernel's drm/v3d component. A compute shader dispatch (CSD) encodes its workgroup counts in the CFG0..CFG2 registers. A dispatch with a zero count in any of the three dimensions is invalid: the hardware processes 0 as 65536, while the user-space driver exposes a maximum of 65535. Furthermore, a submission with a zeroed workgroup dimension should be a no-op. Zeroed counts can still reach the dispatch path through an indirect CSD job, whose workgroup counts are only known once the indirect buffer is read and may legitimately be zero; such a scenario should only result in a no-op. To address this, the indirect CSD job workgroup counts should be overwritten with the ones from the indirect BO, even if they are zeroed, and the job should not be submitted to the hardware when any of the workgroup counts is zero, so that the job completes immediately instead of running the shader.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-25
Original CVE updated: 2026-06-30
Advisory published: 2026-06-25
Advisory updated: 2026-06-30

Who should care

Linux kernel users and administrators should be aware of this vulnerability, as it could potentially be exploited to cause unintended behavior or crashes. Users of the drm/v3d component are particularly advised to take note and ensure their systems are updated with the appropriate patches.

Technical summary

The vulnerability is located in the drm/v3d component of the Linux kernel. It involves the handling of compute shader dispatches with zeroed workgroup counts. Normally, a dispatch with zero workgroups in any dimension should not be processed by the hardware. However, due to the nature of indirect CSD jobs, zeroed counts can be encountered and must be handled properly to prevent unintended behavior. The solution involves overwriting the workgroup counts of indirect CSD jobs with those from the indirect buffer object (BO) and skipping the submission of such jobs if any dimension has a zero count.
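
The fixed handling described above, modelled in user-space C as an added example (not the kernel's own code): the struct and function names are hypothetical, the register encoding is reduced to one plain count per CFG register, and the sample counts are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a CSD job: one workgroup count per CFG0..CFG2. */
struct csd_job_model {
    uint32_t wg_count[3];
};

/* Per the advisory, the hardware processes a count of 0 as 65536. */
static uint64_t hw_effective_count(uint32_t count)
{
    return count == 0 ? 65536u : count;
}

/* Workgroups the hardware would run if the job were submitted as-is. */
static uint64_t hw_total_workgroups(const struct csd_job_model *job)
{
    return hw_effective_count(job->wg_count[0]) *
           hw_effective_count(job->wg_count[1]) *
           hw_effective_count(job->wg_count[2]);
}

/* Fixed behaviour: always copy the indirect-buffer counts into the job,
 * zeros included, and return false when any count is zero so the caller
 * skips the hardware and completes the job immediately as a no-op. */
static bool apply_indirect_counts(struct csd_job_model *job,
                                  const uint32_t indirect[3])
{
    bool submit = true;

    for (int i = 0; i < 3; i++) {
        job->wg_count[i] = indirect[i];
        if (indirect[i] == 0)
            submit = false;
    }
    return submit;
}

int main(void)
{
    /* Constructed sample: placeholder counts, then a zeroed indirect read. */
    struct csd_job_model job = { { 1, 1, 1 } };
    const uint32_t indirect[3] = { 0, 4, 4 };
    bool submit = apply_indirect_counts(&job, indirect);
    printf("submit=%d, hardware would run %llu workgroups if submitted\n",
           submit, (unsigned long long)hw_total_workgroups(&job));
    return 0;
}
```

The gap between the intended zero workgroups and the count the hardware would derive from the same registers is why the skip has to happen before submission.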

Defensive priority

This vulnerability should be prioritized for patching due to its potential impact on system stability and security. Linux kernel maintainers and users are advised to apply patches as soon as possible to mitigate the risk.

Recommended defensive actions

  • Apply the official patches provided by the Linux kernel maintainers to update the drm/v3d component.
  • Review system configurations and ensure that the drm/v3d component is properly secured and monitored.
  • Consider implementing compensating controls, such as additional logging or monitoring, to detect potential exploitation attempts.
  • Keep the Linux kernel and related components up-to-date with the latest security patches.
  • Monitor for any signs of exploitation or anomalous behavior related to the drm/v3d component.

Evidence notes

The CVE-2026-53139 vulnerability was identified in the Linux kernel's drm/v3d component. The issue arises from the handling of compute shader dispatches with zeroed workgroup counts. Evidence from the Linux kernel source code and official CVE records confirms the existence and impact of this vulnerability. The solution involves updating the drm/v3d component to properly handle zeroed workgroup counts in indirect CSD jobs.

This article is AI-assisted and based on the supplied source corpus.