CVE-2026-52966
Status: Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm: Replace old pointer to new idr

Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted in the issue reported by syzbot [1].

Specifically, the new IDR object pointer is intended to replace the original id's pointer during the normal execution flow. Additionally, an unnecessary conditional check for the ret exit path has been removed.

[1]
!RB_EMPTY_ROOT(&prime_fpriv->dmabufs)
WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x48/0x60 drivers/gpu/drm/drm_prime.c:224, CPU#0: syz.0.17/5833
Call Trace:
 drm_file_free.part.0+0x7e6/0xcc0 drivers/gpu/drm/drm_file.c:269
 drm_file_free drivers/gpu/drm/drm_file.c:237 [inline]
 drm_close_helper.isra.0+0x186/0x200 drivers/gpu/drm/drm_file.c:290
 drm_release+0x1ab/0x360 drivers/gpu/drm/drm_file.c:438

Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs

Vendor         Product         Version / Range
linux          linux_kernel    *
linux_kernel   linux_kernel    *

CWE ID: CWE-UNKNOWN

Impact Analysis

This vulnerability in the Linux kernel involves a logical error in the DRM subsystem: in the 'change handle' logic, the newly generated IDR object pointer did not replace the original id's pointer at the correct location. This could potentially lead to improper handling of GPU-related resources.

The impact may include instability or unexpected behavior in graphics device management, possibly causing resource leaks or crashes related to GPU buffer management.

Executive Summary

This vulnerability in the Linux kernel involves a logical error introduced by commit 5e28b7b94408 in the "change handle" logic. The new IDR object pointer was supposed to replace the original id's pointer during normal execution, but the replacement was not made at the correct location.

As a result, DRM (Direct Rendering Manager) resources were managed incorrectly, as indicated by the syzbot-reported warning and call trace at drm_prime_destroy_file_private. The fix also removes an unnecessary conditional check for the ret exit path.
