Zack Rusin

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The issue is related to a deadlock in the dma buf fence polling mechanism. Specifically, the `vmwgfx` module overwrites the wait callback to iterate over the list of all fences and update their status, holding a lock to prevent list modifications from other threads. The fence destroy callback deletes the fence and removes it from the list of pending fences, for which it holds a lock. However, the dma buf polling callback unrefs a fence after it's been signaled, leading to a situation where the destruction tries to acquire the lock on the pending fences list, which it can never get because it's held by the wait from which it was called. This fixes KDE stalls/deadlock. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the dma buf polling interfaces until a patch is available. Restrict access to the `vmwgfx` module to minimize the risk of exploitation. Avoid using the `dma buf polling cb` in the affected API endpoints until the issue is resolved.