CVE-2026-45956
Analyzed - Analysis Complete
Use-After-Free in Linux Kernel Exynos DRM VIDI

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()

vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to obtain a struct vidi_context pointer. However, drm_dev->dev is the exynos-drm master device, and the driver_data contained therein is not the vidi component device, but a completely different device.

This can lead to various bugs, ranging from null pointer dereferences and garbage value accesses to, in unlucky cases, out-of-bounds errors, use-after-free errors, and more.

To resolve this issue, we need to store/delete the vidi device pointer in exynos_drm_private->vidi_dev during bind/unbind, and then read this exynos_drm_private->vidi_dev within ioctl() to obtain the correct struct vidi_context pointer.

Meta Information

Published: 2026-05-27
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Vendor | Product | Version / Range
linux | linux_kernel | From 6.19 (inc) to 6.19.4 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.6.130 (exc)
linux | linux_kernel | From 5.11 (inc) to 5.15.203 (exc)
linux | linux_kernel | From 5.16 (inc) to 6.1.167 (exc)
linux | linux_kernel | From 4.3 (inc) to 5.10.253 (exc)
linux | linux_kernel | From 6.7 (inc) to 6.18.14 (exc)

CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Mitigation Strategies

The vulnerability has been resolved by modifying the Linux kernel code to correctly use the vidi device pointer for context lookup in vidi_connection_ioctl().

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Executive Summary

This vulnerability exists in the Linux kernel's drm/exynos driver, specifically in the vidi_connection_ioctl() function. The function incorrectly retrieves driver_data from drm_dev->dev, which points to the exynos-drm master device rather than the vidi component device. As a result, the pointer obtained is not the correct vidi_context pointer.

This incorrect pointer usage can cause various bugs such as null pointer dereferences, garbage value accesses, out-of-bounds errors, and use-after-free errors.

The fix involves storing and deleting the vidi device pointer properly during bind/unbind operations and then using this stored pointer within ioctl() to get the correct vidi_context pointer.
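
The lookup described above can be modeled in userspace C. This is an added example, not the kernel's code or the upstream patch: the structs are simplified stand-ins, and `struct master_data`, the `connection` field, the function names `ctx_lookup_before`/`ctx_lookup_after`, and the NULL check after unbind are assumptions of this model.

```c
/* Userspace model of the ctx lookup; simplified structs, not kernel definitions. */
#include <stddef.h>
#include <stdio.h>

struct device { void *driver_data; };              /* stand-in for struct device */
struct master_data { char name[16]; };             /* hypothetical master drvdata */
struct vidi_context { int connection; };           /* hypothetical field */
struct exynos_drm_private { struct device *vidi_dev; };
struct drm_device { struct device *dev; struct exynos_drm_private *dev_private; };

static void *dev_get_drvdata(const struct device *d) { return d->driver_data; }

/* bind/unbind store and clear the vidi component device, as the fix describes */
static void vidi_bind(struct drm_device *drm, struct device *vidi) { drm->dev_private->vidi_dev = vidi; }
static void vidi_unbind(struct drm_device *drm) { drm->dev_private->vidi_dev = NULL; }

/* Before: driver_data of the master device is returned typed as a vidi_context */
static struct vidi_context *ctx_lookup_before(struct drm_device *drm)
{
    return dev_get_drvdata(drm->dev);
}

/* After: go through priv->vidi_dev; returning NULL when unbound is this model's choice */
static struct vidi_context *ctx_lookup_after(struct drm_device *drm)
{
    struct device *vidi = drm->dev_private->vidi_dev;
    return vidi ? dev_get_drvdata(vidi) : NULL;
}

int main(void)
{
    struct master_data md = { "exynos-drm" };      /* constructed sample objects */
    struct vidi_context ctx = { 0 };
    struct device master = { &md }, vidi = { &ctx };
    struct exynos_drm_private priv = { NULL };
    struct drm_device drm = { &master, &priv };

    vidi_bind(&drm, &vidi);
    /* Pointers are compared, never dereferenced through the wrong type */
    printf("before: %s\n", (void *)ctx_lookup_before(&drm) == (void *)&md
           ? "master driver_data (wrong object)" : "vidi_context");
    printf("after:  %s\n", ctx_lookup_after(&drm) == &ctx ? "vidi_context" : "wrong object");
    vidi_unbind(&drm);
    printf("after unbind: %s\n", ctx_lookup_after(&drm) ? "stale pointer" : "NULL");
    return 0;
}
```

Because `driver_data` is an untyped `void *`, the compiler accepts the "before" lookup without complaint, which is why the wrong object can reach code that treats it as a `struct vidi_context`.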

Impact Analysis

This vulnerability can lead to system instability or crashes due to null pointer dereferences and memory errors such as out-of-bounds and use-after-free conditions.

Such bugs may cause denial of service or unpredictable behavior in systems using the affected Linux kernel drm/exynos driver.
