{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53137","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.387Z","datePublished":"2026-06-25T08:38:25.977Z","dateUpdated":"2026-06-25T08:38:25.977Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-25T08:38:25.977Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size\n\n[Why & How]\nDuring HDCP 2.x repeater authentication over HDMI, the driver reads the\nsink's RxStatus register and extracts a 10-bit message size field (max\nvalue 1023). This value is used as the read length for the ReceiverID\nlist without being clamped to the size of the destination buffer\nrx_id_list[177]. A malicious HDMI repeater could advertise a message\nsize larger than the buffer, causing an out-of-bounds write during the\nI2C read.\n\nClamp the read length in mod_hdcp_read_rx_id_list() to the size of the\nrx_id_list buffer, matching the approach already used in the DP branch.\n\n(cherry picked from commit 229212219e4247d9486f8ba41ef087358490be09)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"],"versions":[{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"3c4444aec06c74fbc05661f370954ac814963c38","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"91fb41218c413989d8b6c837748751454b452d68","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"964e50ef7b8f09815a7d05b8326af700f8d5bc96","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"79e0273272a05fb26f9b1e55bf1a52eefc3b7b35","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"bfba882cfcd08f6540f72f48e786b6404f5d2c5b","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"1906064d50d194a145486e5caf3db3e708b6f6ef","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"98cfb7530ea91d8e5e928285cdce58e1131f6e83","status":"affected","versionType":"git"},{"version":"eff682f83c9c2030761e7536c5d97e1b20f71c15","lessThan":"f0f3981c43b32cadfe373d636d9e9ca522bb3702","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.12.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3c4444aec06c74fbc05661f370954ac814963c38"},{"url":"https://git.kernel.org/stable/c/91fb41218c413989d8b6c837748751454b452d68"},{"url":"https://git.kernel.org/stable/c/964e50ef7b8f09815a7d05b8326af700f8d5bc96"},{"url":"https://git.kernel.org/stable/c/79e0273272a05fb26f9b1e55bf1a52eefc3b7b35"},{"url":"https://git.kernel.org/stable/c/bfba882cfcd08f6540f72f48e786b6404f5d2c5b"},{"url":"https://git.kernel.org/stable/c/1906064d50d194a145486e5caf3db3e708b6f6ef"},{"url":"https://git.kernel.org/stable/c/98cfb7530ea91d8e5e928285cdce58e1131f6e83"},{"url":"https://git.kernel.org/stable/c/f0f3981c43b32cadfe373d636d9e9ca522bb3702"}],"title":"drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size","x_generator":{"engine":"bippy-1.2.0"}}}}