drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to
obtain a struct vidi_context pointer. However, drm_dev->dev is the
exynos-drm master device, and the driver_data contained therein is not
the vidi component device, but a completely different device.

This can lead to various bugs, ranging from null pointer dereferences and
garbage value accesses to, in unlucky cases, out-of-bounds errors,
use-after-free errors, and more.

To resolve this issue, we need to store/delete the vidi device pointer in
exynos_drm_private->vidi_dev during bind/unbind, and then read this
exynos_drm_private->vidi_dev within ioctl() to obtain the correct
struct vidi_context pointer.

Basic Information

ID CVE-2026-45956

Source Linux

Published May 27, 2026 at 12:18

Modified Jun 5, 2026 at 06:06

Affected Product

Vendor Linux

Product Linux

Version cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322

Affected Versions Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322
Linux Linux 4.3

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()\n\nvidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to\nobtain a struct vidi_context pointer. However, drm_dev->dev is the\nexynos-drm master device, and the driver_data contained therein is not\nthe vidi component device, but a completely different device.\n\nThis can lead to various bugs, ranging from null pointer dereferences and\ngarbage value accesses to, in unlucky cases, out-of-bounds errors,\nuse-after-free errors, and more.\n\nTo resolve this issue, we need to store/delete the vidi device pointer in\nexynos_drm_private->vidi_dev during bind/unbind, and then read this\nexynos_drm_private->vidi_dev within ioctl() to obtain the correct\nstruct vidi_context pointer.",
    "published": "2026-05-27T12:18:11.972Z",
    "modified": "2026-06-05T06:06:12.449Z",
    "type": "cve",
    "title": "drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/2987642c5213508c6c9e718324c0d5289a92c474\nhttps://git.kernel.org/stable/c/65d1213baffa363f2eb1117b1dc7acc573b890f8\nhttps://git.kernel.org/stable/c/875fa28690e93ed5296c31d3344556c6bb867234\nhttps://git.kernel.org/stable/c/21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d\nhttps://git.kernel.org/stable/c/b5fc86d753dd4c281a943b92f0eef02d31af03d7\nhttps://git.kernel.org/stable/c/a540f767642f75240a6c35f6a65b69e44cfcea9d\nhttps://git.kernel.org/stable/c/d3968a0d85b211e197f2f4f06268a7031079e0d0",
    "id": "CVE-2026-45956",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322\nLinux Linux 4.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()_CVE-2026-45956

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply