CVE-2026-53066
Awaiting Analysis Awaiting Analysis - Queue

DRM Plane State Error Pointer Dereference in Linux Kernel

Vulnerability report for CVE-2026-53066, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference The function drm_atomic_get_plane_state() can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4i_backend.c:496 sun4i_backend_atomic_check() error: 'plane_state' dereferencing possible ERR_PTR()

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel, specifically in the drm/sun4i backend component. The function drm_atomic_get_plane_state() can return an error pointer, but the code does not check for this error pointer before dereferencing it. This can lead to an error pointer dereference issue.

The problem was detected by Smatch, a static analysis tool, which found that the 'plane_state' variable could be dereferenced even if it was an error pointer (ERR_PTR()). The fix involves adding a check for the error pointer before dereferencing.

Impact Analysis

This vulnerability involves an error pointer dereference in the Linux kernel's drm/sun4i backend. Specifically, the function drm_atomic_get_plane_state() can return an error pointer which was not checked, potentially leading to a kernel error or crash when the pointer is dereferenced without validation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53066. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart