{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52965", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.374Z", "datePublished": "2026-06-24T16:28:45.090Z", "dateUpdated": "2026-06-24T16:28:45.090Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:28:45.090Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure\n\nWhen ttm_tt_swapout() fails, the current code calls\nttm_resource_add_bulk_move() followed by ttm_resource_move_to_lru_tail()\nto restore the resource's bulk_move membership.\n\nHowever, ttm_resource_move_to_lru_tail() places the resource at the tail\nof the LRU list which, relative to the walk cursor's hitch node (placed\nimmediately after the resource when it was yielded), puts the resource\n*in front of the* the hitch. The next list_for_each_entry_continue() from\nthe hitch finds the same resource again, causing an infinite loop.\n\nFix by deferring del_bulk_move to the success path only.\n\nOn the success path, TTM_TT_FLAG_SWAPPED has just been set by\nttm_tt_swapout() but the resource is still tracked in the bulk_move range,\nso ttm_resource_del_bulk_move()'s !ttm_resource_unevictable() guard would\nincorrectly skip the removal. Introduce\nttm_resource_del_bulk_move_unevictable() which bypasses that guard."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/ttm/ttm_bo.c", "drivers/gpu/drm/ttm/ttm_resource.c", "include/drm/ttm/ttm_resource.h"], "versions": [{"version": "fc5d96670eb2540d2572a14351e82ffe45d5ac11", "lessThan": "0124a09e3e5f5f6080efe9663b27af27933f8382", "status": "affected", "versionType": "git"}, {"version": "fc5d96670eb2540d2572a14351e82ffe45d5ac11", "lessThan": "b2ed01e7ad3de80333e9b962a44024b094bc0b2b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/ttm/ttm_bo.c", "drivers/gpu/drm/ttm/ttm_resource.c", "include/drm/ttm/ttm_resource.h"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0124a09e3e5f5f6080efe9663b27af27933f8382"}, {"url": "https://git.kernel.org/stable/c/b2ed01e7ad3de80333e9b962a44024b094bc0b2b"}], "title": "drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure", "id": "2492265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492265"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-237", "details": ["A flaw was found in the Linux kernel's TTM (Trusted Memory Manager) component. When the ttm_tt_swapout() function fails, a resource is incorrectly added to the Least Recently Used (LRU) list. This misplacement can lead to an infinite loop during subsequent list processing, causing the system to become unresponsive. This issue can result in a Denial of Service (DoS)."], "name": "CVE-2026-52965", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52965\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52965\nhttps://lore.kernel.org/linux-cve-announce/2026062438-CVE-2026-52965-b15c@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[fc5d96670eb2540d2572a14351e82ffe45d5ac11,0124a09e3e5f5f6080efe9663b27af27933f8382)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[fc5d96670eb2540d2572a14351e82ffe45d5ac11,b2ed01e7ad3de80333e9b962a44024b094bc0b2b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.13"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.13)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.10,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-24T18:30:06.420828+00:00", "updated": "2026-06-26T05:30:17.444528+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}