Linux Kernel Daily: Security Fixes and Graphics Driver Stability

Multiple critical security vulnerabilities were addressed across graphics drivers and virtualization, with the DRM gem change handle ioctl temporarily disabled due to persistent race conditions. Filesystem fixes addressed use-after-free bugs in EROFS and XFS real-time device handling.

2026-06-06T06:00:54Z

Duration: PT2M14S

https://podlog.io/listen/linux-kernel-daily-497a9976/episode/linux-kernel-daily-security-fixes-and-graphics-driver-stability-ab1de837

Transcript

Good morning. This is Linux Kernel Daily for June 6th, 2026.

The dominant theme today is security vulnerability remediation, with graphics drivers receiving the most extensive fixes and one critical ioctl being temporarily disabled.

The most significant change involves the DRM gem change handle ioctl, which has been disabled entirely after multiple failed attempts to fix race conditions between gem close and gem change handle operations. Commit 8e65320 documents four separate fix attempts that introduced new bugs while trying to resolve use-after-free vulnerabilities. The ioctl remains disabled until proper test coverage can be developed and upstreamed, affecting CRIU workflows with AMD ROCm but preventing potential security exploits.

Graphics drivers saw widespread hardening with bounds checking and memory safety fixes. The AMD GPU driver received fixes for buffer overflows in SDMA queue handling, null pointer dereferences in queue management, and use-after-free races in the KFD subsystem. The Ethosu accelerator driver had particularly extensive fixes, addressing out-of-bounds writes in command stream validation, arithmetic overflows in DMA length calculations, and rejection of unsupported resize operations from userspace.

Virtualization security was strengthened with KVM fixes addressing GHCB handling vulnerabilities in SEV environments. The changes ensure proper unmapping and unpinning of guest-host communication blocks during vCPU cleanup, and implement exact-once reading of page size change request indices to prevent time-of-check-time-of-use attacks.

Filesystem stability improved with EROFS fixes for use-after-free conditions during unmount when compressed I/O operations race with cleanup, and XFS real-time device handling corrections that prevent mount failures and cleanup errors.

These changes collectively address fundamental memory safety issues that could lead to privilege escalation or system crashes, particularly in graphics-intensive and virtualized environments.

That's your Linux Kernel Daily. We'll continue monitoring the DRM ioctl situation as proper fixes are developed.