Description
In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: fix to avoid directly dereferencing user pointer

In vidi_connection_ioctl(), vidi->edid(user pointer) is directly
dereferenced in the kernel.

This allows arbitrary kernel memory access from the user space, so instead
of directly accessing the user pointer in the kernel, we should modify it
to copy edid to kernel memory using copy_from_user() and use it.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vidi module of the Linux kernel's Exynos DRM driver contains a flaw in vidi_connection_ioctl(): a user‑supplied pointer is dereferenced directly without validation. This oversight allows a malicious user process to read arbitrary kernel memory, potentially disclosing secrets or enabling privilege escalation. The weakness is improper validation of untrusted user data that is used in a privileged context.

Affected Systems

Linux systems that include the Exynos DRM vidi driver and are running kernel versions that contain the unpatched code path are affected. No specific kernel version list is provided, so any release that implements the vulnerable vidi module without the fix could be compromised.

Risk and Exploitability

The attack vector originates in user space via the vidi_connection_ioctl call. Although no CVSS score or EPSS value is available and the vulnerability is not listed in the CISA KEV catalog, the ability to dereference user pointers leads to a high‑impact kernel memory read. Exploit construction would involve crafting a malicious ioctl payload that forces the kernel to read data from a chosen address, potentially revealing sensitive kernel information.

Generated by OpenCVE AI on May 27, 2026 at 17:21 UTC.
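
The bug class and fix named in the description, shown as a userspace model. This is an added example, not the exynos driver's code and not taken from the kernel patch. The flat array standing in for the address space and the names model_copy_from_user, ioctl_unchecked, ioctl_checked and leaks_kernel are all hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not driver code: one flat array is the whole address
 * space. Offsets below USER_TOP are "user" memory, the rest is "kernel". */
#define MEM_SIZE 256
#define USER_TOP 128
#define EDID_LEN 8   /* toy length chosen for the model */
static uint8_t mem[MEM_SIZE];

/* Stand-in for copy_from_user(): returns bytes NOT copied (0 on success)
 * and refuses any range that is not entirely inside user memory. */
static size_t model_copy_from_user(void *dst, size_t uaddr, size_t n)
{
    if (uaddr > USER_TOP || n > USER_TOP - uaddr)
        return n;
    memcpy(dst, &mem[uaddr], n);
    return 0;
}

/* Before: the address from the ioctl argument is dereferenced as-is. */
static int ioctl_unchecked(size_t edid_addr, uint8_t *out)
{
    memcpy(out, &mem[edid_addr], EDID_LEN);
    return 0;
}

/* After: copy into the kernel-side buffer `out`; bad ranges get -EFAULT. */
static int ioctl_checked(size_t edid_addr, uint8_t *out)
{
    return model_copy_from_user(out, edid_addr, EDID_LEN) ? -EFAULT : 0;
}

/* Returns 1 if the handler handed back the planted "kernel" bytes. */
static int leaks_kernel(int (*handler)(size_t, uint8_t *))
{
    uint8_t out[EDID_LEN] = {0};
    memcpy(&mem[200], "KSECRET!", EDID_LEN);   /* constructed sample data */
    handler(200, out);
    return memcmp(out, "KSECRET!", EDID_LEN) == 0;
}

int main(void)
{
    printf("%d %d\n", leaks_kernel(ioctl_unchecked), leaks_kernel(ioctl_checked));
    return 0;
}
```

The range check rejects a buffer that straddles the user/kernel boundary as well as one that lies wholly above it, and is written so the length arithmetic cannot wrap.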

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the patch for the vidi module, as referenced in the commit logs.
  • Confirm that the updated kernel driver no longer dereferences user pointers without copying via copy_from_user() in vidi_connection_ioctl().
  • If a kernel upgrade cannot be performed immediately, limit access to the vidi ioctl to privileged users or disable the Exynos DRM driver until a validated patch is installed.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-788 |

Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it. |
| Title | | drm/exynos: vidi: fix to avoid directly dereferencing user pointer |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:14.878Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45958

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:12.417

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:30:38Z

Weaknesses