CVE-2026-23227
Received Received - Intake
Use-After-Free in Linux Exynos Vidi Driver Due to Missing Lock

Publication date: 2026-02-18

Last updated on: 2026-04-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which easily causes concurrency problem. For example, use-after-free can occur in race scenario like this: ``` CPU0 CPU1 CPU2 ---- ---- ---- vidi_connection_ioctl() if (vidi->connection) // true drm_edid = drm_edid_alloc(); // alloc drm_edid ... ctx->raw_edid = drm_edid; ... drm_mode_getconnector() drm_helper_probe_single_connector_modes() vidi_get_modes() if (ctx->raw_edid) // true drm_edid_dup(ctx->raw_edid); if (!drm_edid) // false ... vidi_connection_ioctl() if (vidi->connection) // false drm_edid_free(ctx->raw_edid); // free drm_edid ... drm_edid_alloc(drm_edid->edid) kmemdup(edid); // UAF!! ... ``` To prevent these vulns, at least in vidi_context, member variables related to memory alloc/free should be protected with ctx->lock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-04-18
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23227
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.1 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.11 (exc)
linux linux_kernel From 3.6 (inc) to 6.12.77 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's Exynos Virtual Display driver (drm/exynos: vidi). The driver performs memory allocation and free operations without proper lock protection, which leads to concurrency problems.

Specifically, member variables related to memory allocation and freeing in the vidi_context structure are accessed without using the ctx->lock, causing race conditions.

An example race scenario involves multiple CPUs where one CPU allocates memory and assigns it to ctx->raw_edid, while another CPU may free that memory concurrently, leading to a use-after-free (UAF) condition.

To fix this, the vulnerability was resolved by ensuring that memory-related member variables in vidi_context are protected by ctx->lock to prevent concurrent access issues.

Impact Analysis

This vulnerability can cause concurrency problems such as use-after-free conditions in the Exynos Virtual Display driver.

Use-after-free bugs can lead to system instability, crashes, or potentially allow attackers to execute arbitrary code or cause denial of service by exploiting the race condition.

Therefore, if you are using affected Linux kernels with the Exynos Virtual Display driver, your system could be vulnerable to these issues until patched.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that the Exynos Virtual Display driver (vidi) in the Linux kernel uses proper locking mechanisms to protect memory allocation and free operations.

Specifically, member variables related to memory allocation and freeing in vidi_context should be protected with ctx->lock to prevent concurrency issues such as use-after-free.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart