{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-45956","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.088Z","datePublished":"2026-05-27T12:18:11.972Z","dateUpdated":"2026-06-05T06:06:12.449Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-05T06:06:12.449Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()\n\nvidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to\nobtain a struct vidi_context pointer. However, drm_dev->dev is the\nexynos-drm master device, and the driver_data contained therein is not\nthe vidi component device, but a completely different device.\n\nThis can lead to various bugs, ranging from null pointer dereferences and\ngarbage value accesses to, in unlucky cases, out-of-bounds errors,\nuse-after-free errors, and more.\n\nTo resolve this issue, we need to store/delete the vidi device pointer in\nexynos_drm_private->vidi_dev during bind/unbind, and then read this\nexynos_drm_private->vidi_dev within ioctl() to obtain the correct\nstruct vidi_context pointer."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/exynos/exynos_drm_drv.h","drivers/gpu/drm/exynos/exynos_drm_vidi.c"],"versions":[{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"2987642c5213508c6c9e718324c0d5289a92c474","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"65d1213baffa363f2eb1117b1dc7acc573b890f8","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"875fa28690e93ed5296c31d3344556c6bb867234","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"b5fc86d753dd4c281a943b92f0eef02d31af03d7","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"a540f767642f75240a6c35f6a65b69e44cfcea9d","status":"affected","versionType":"git"},{"version":"cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322","lessThan":"d3968a0d85b211e197f2f4f06268a7031079e0d0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/exynos/exynos_drm_drv.h","drivers/gpu/drm/exynos/exynos_drm_vidi.c"],"versions":[{"version":"4.3","status":"affected"},{"version":"0","lessThan":"4.3","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.18.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2987642c5213508c6c9e718324c0d5289a92c474"},{"url":"https://git.kernel.org/stable/c/65d1213baffa363f2eb1117b1dc7acc573b890f8"},{"url":"https://git.kernel.org/stable/c/875fa28690e93ed5296c31d3344556c6bb867234"},{"url":"https://git.kernel.org/stable/c/21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d"},{"url":"https://git.kernel.org/stable/c/b5fc86d753dd4c281a943b92f0eef02d31af03d7"},{"url":"https://git.kernel.org/stable/c/a540f767642f75240a6c35f6a65b69e44cfcea9d"},{"url":"https://git.kernel.org/stable/c/d3968a0d85b211e197f2f4f06268a7031079e0d0"}],"title":"drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()","x_generator":{"engine":"bippy-1.2.0"}}}}