Description
In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

The Exynos Virtual Display driver performs memory alloc/free operations
without lock protection, which easily causes concurrency problems.

For example, a use-after-free can occur in a race scenario like this:
```
CPU0 CPU1 CPU2
---- ---- ----
vidi_connection_ioctl()
if (vidi->connection) // true
drm_edid = drm_edid_alloc(); // alloc drm_edid
...
ctx->raw_edid = drm_edid;
...
drm_mode_getconnector()
drm_helper_probe_single_connector_modes()
vidi_get_modes()
if (ctx->raw_edid) // true
drm_edid_dup(ctx->raw_edid);
if (!drm_edid) // false
...
vidi_connection_ioctl()
if (vidi->connection) // false
drm_edid_free(ctx->raw_edid); // free drm_edid
...
drm_edid_alloc(drm_edid->edid)
kmemdup(edid); // UAF!!
...
```

To prevent these vulns, at least in vidi_context, member variables related
to memory alloc/free should be protected with ctx->lock.
Published: 2026-02-18
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑after‑free leading to memory corruption that may enable remote code execution or denial of service
Action: Apply Kernel Patch
AI Analysis

Impact

A race condition in the Exynos Virtual Display driver results in memory allocation and deallocation operations being performed without proper lock protection. The kernel can free an object that another thread is still accessing, triggering a use‑after‑free scenario. This vulnerability can corrupt memory, potentially allowing an attacker to execute arbitrary code or crash the system. The weakness is a classic use‑after‑free flaw (CWE‑416).

Affected Systems

Any system running a Linux kernel that incorporates the Exynos Virtual Display driver is affected. The vulnerability is present in all versions of the Linux kernel up to the point where the patch is applied, regardless of distribution vendor. The specific impacted component is the DRM/exynos vidi module; therefore all Linux kernels that compile with the Exynos Virtual Display driver are at risk.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, and the EPSS score of less than 1 % suggests that exploitation is currently unlikely, consistent with the fact that the vulnerability requires a race condition. The vulnerability is not yet listed in CISA’s KEV catalog. The primary attack vector is local, requiring concurrent use of the driver by two threads, which typically means a privileged or root user or a malicious user exploiting a privileged interface. While not immediately exploitable in a publicly shared environment, an attacker with local access could trigger the flaw to corrupt memory or gain arbitrary code execution.

Generated by OpenCVE AI on April 15, 2026 at 15:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the patch fixing the use of ctx->lock for memory operations in the Exynos Virtual Display driver
  • If an upgrade is not immediately possible, disable the Exynos Virtual Display driver or restrict its interfaces to trusted users only
  • Monitor kernel logs for drm_edid or memory allocation errors and consider applying kernel runtime lock debugging tools to detect concurrency issues


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 09:15:00 +0000


Wed, 25 Mar 2026 10:45:00 +0000


Wed, 18 Mar 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-416 |
| Metrics | | cvssV3_1: `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


Fri, 13 Mar 2026 17:00:00 +0000


Mon, 23 Feb 2026 03:30:00 +0000


Thu, 19 Feb 2026 00:15:00 +0000


Wed, 18 Feb 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Text identical to the Description section at the top of this page |
| Title | | drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Linux; Linux linux Kernel |
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:57:24.022Z

Reserved: 2026-01-13T15:37:45.987Z

Link: CVE-2026-23227

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-02-18T16:22:32.467

Modified: 2026-04-18T09:16:14.667

Link: CVE-2026-23227

Redhat

Severity :

Public Date: 2026-02-18T00:00:00Z

Links: CVE-2026-23227 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T17:30:10Z

Weaknesses