CVE-2026-53329
Received - Intake

Heap Overflow in AMD Display Driver via krealloc_array()


Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Use krealloc_array() in dal_vector_reserve()

[Why & How]
dal_vector_reserve() computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This would cause krealloc to return a smaller buffer than expected, leading to heap overflows on subsequent vector appends.

Replace krealloc() with krealloc_array() which performs an internal overflow check and returns NULL on wrap, preventing the issue.

(cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: linux_kernel
Version / Range: *

Exploitability

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel's drm/amd/display component, specifically in the dal_vector_reserve() function.

The function calculates the allocation size using uint32_t arithmetic as "capacity * vector->struct_size". If this calculation overflows, it silently wraps around to a smaller value.

As a result, the krealloc() function allocates a smaller buffer than intended, which can lead to heap overflows when the vector is appended to later.

The fix replaces krealloc() with krealloc_array(), which includes an internal overflow check and returns NULL if an overflow occurs, preventing the heap overflow issue.
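
The wrap and the checked alternative described above, as an added example that is not the kernel's code: a userspace C model with hypothetical names (toy_vector, toy_vector_reserve, unchecked_bytes) and constructed values. It assumes GCC or Clang for __builtin_mul_overflow and checks the product at 32-bit width so the wrap shows on any host, whereas krealloc_array() performs its check inside the kernel allocator.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver's vector; not the kernel structure. */
struct toy_vector {
    uint8_t *container;
    uint32_t struct_size;   /* bytes per element */
    uint32_t capacity;      /* elements the buffer is believed to hold */
};

/* Pre-fix pattern: the byte count is a uint32_t product and wraps silently. */
static uint32_t unchecked_bytes(uint32_t capacity, uint32_t struct_size)
{
    return capacity * struct_size;
}

/* Checked pattern: refuse to grow when capacity * struct_size wraps.
 * Returns false and leaves the vector untouched, as a NULL return would. */
static bool toy_vector_reserve(struct toy_vector *v, uint32_t capacity)
{
    uint32_t bytes;
    void *p;

    if (capacity <= v->capacity)
        return true;
    if (__builtin_mul_overflow(capacity, v->struct_size, &bytes))
        return false;                       /* wrap detected */
    p = realloc(v->container, bytes);
    if (!p)
        return false;
    v->container = p;
    v->capacity = capacity;
    return true;
}

int main(void)
{
    /* Constructed values: 0x10000001 elements of 16 bytes need 0x100000010 bytes. */
    struct toy_vector v = { NULL, 16, 0 };
    uint32_t cap = 0x10000001u;

    printf("needed:    %llu bytes\n", (unsigned long long)cap * v.struct_size);
    printf("unchecked: %u bytes\n", unchecked_bytes(cap, v.struct_size));
    printf("checked reserve(huge): %s\n", toy_vector_reserve(&v, cap) ? "ok" : "refused");
    printf("checked reserve(8):    %s\n", toy_vector_reserve(&v, 8) ? "ok" : "refused");
    free(v.container);
    return 0;
}
```

With the unchecked product, the caller would record a capacity of 0x10000001 elements while holding a 16-byte buffer, which is the mismatch that later appends write past.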

Impact Analysis

This vulnerability can lead to heap overflows in the Linux kernel's AMD display driver.

Heap overflows can cause memory corruption, which may result in system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges.

Such impacts can compromise the security and reliability of systems running the affected Linux kernel.

Mitigation Strategies

The vulnerability in the Linux kernel's drm/amd/display component has been resolved by replacing krealloc() with krealloc_array() in the dal_vector_reserve() function to prevent heap overflows caused by integer overflow.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
