Description
In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to
obtain a struct vidi_context pointer. However, drm_dev->dev is the
exynos-drm master device, and the driver_data contained therein is not
the vidi component device, but a completely different device.

This can lead to various bugs, ranging from null pointer dereferences and
garbage value accesses to, in unlucky cases, out-of-bounds errors,
use-after-free errors, and more.

To resolve this issue, we need to store/delete the vidi device pointer in
exynos_drm_private->vidi_dev during bind/unbind, and then read this
exynos_drm_private->vidi_dev within ioctl() to obtain the correct
struct vidi_context pointer.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Exynos DRM driver in the Linux kernel contains an error in vidi_connection_ioctl where the driver data is incorrectly taken from the master DRM device instead of the specific vidi component. This mis‑lookup can trigger null pointer dereferences, out‑of‑bounds memory accesses, and use‑after‑free conditions (CWE‑416, CWE‑466). These bugs can corrupt kernel memory and potentially cause system crashes or other instability. While the CVE description does not explicitly state privilege escalation, kernel memory corruption could enable such an outcome if successfully exploited.

Affected Systems

Any Linux kernel that includes the Exynos DRM subsystem and has not applied the upstream fix that replaces the lookup with priv->vidi_dev is affected. This includes all kernels running on Exynos SoCs before the patch, such as many Android devices and embedded boards that use the Exynos DRM driver.

Risk and Exploitability

The CVSS score of 7.8 reflects high severity, with the primary fallout being kernel memory corruption and denial of service. The EPSS score of <1% indicates a very low likelihood of exploitation in broad deployments, and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require local access to the vidi ioctl interface, as the flaw stems from an internal lookup bug. While the entry does not identify a specific attack vector, the most plausible approach involves a local attacker invoking the vulnerable ioctl to trigger the memory corruption.

Generated by OpenCVE AI on June 16, 2026 at 23:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a release that includes the upstream fix for vidi_connection_ioctl, such as the commit that uses priv->vidi_dev for context lookup.
  • If a kernel upgrade is not immediately possible, disable or unload the exynos_drm module to remove the vulnerable ioctl interface from the system.
  • Restrict access to the Exynos DRM device node (e.g., by setting ownership to root and using SELinux or AppArmor to limit it to trusted processes.

Generated by OpenCVE AI on June 16, 2026 at 23:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 05 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 28 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-416
CWE-690

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-466
References

Wed, 27 May 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-416
CWE-690

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to obtain a struct vidi_context pointer. However, drm_dev->dev is the exynos-drm master device, and the driver_data contained therein is not the vidi component device, but a completely different device. This can lead to various bugs, ranging from null pointer dereferences and garbage value accesses to, in unlucky cases, out-of-bounds errors, use-after-free errors, and more. To resolve this issue, we need to store/delete the vidi device pointer in exynos_drm_private->vidi_dev during bind/unbind, and then read this exynos_drm_private->vidi_dev within ioctl() to obtain the correct struct vidi_context pointer.
Title drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-05T06:06:12.449Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45956

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:12.157

Modified: 2026-06-16T02:33:20.723

Link: CVE-2026-45956

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45956 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:15:16Z

Weaknesses
  • CWE-416

    Use After Free

  • CWE-466

    Return of Pointer Value Outside of Expected Range