{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45956", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.088Z", "datePublished": "2026-05-27T12:18:11.972Z", "dateUpdated": "2026-05-30T10:41:50.860Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-30T10:41:50.860Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()\n\nvidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to\nobtain a struct vidi_context pointer. However, drm_dev->dev is the\nexynos-drm master device, and the driver_data contained therein is not\nthe vidi component device, but a completely different device.\n\nThis can lead to various bugs, ranging from null pointer dereferences and\ngarbage value accesses to, in unlucky cases, out-of-bounds errors,\nuse-after-free errors, and more.\n\nTo resolve this issue, we need to store/delete the vidi device pointer in\nexynos_drm_private->vidi_dev during bind/unbind, and then read this\nexynos_drm_private->vidi_dev within ioctl() to obtain the correct\nstruct vidi_context pointer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/exynos/exynos_drm_drv.h", "drivers/gpu/drm/exynos/exynos_drm_vidi.c"], "versions": [{"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "2987642c5213508c6c9e718324c0d5289a92c474", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "65d1213baffa363f2eb1117b1dc7acc573b890f8", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "875fa28690e93ed5296c31d3344556c6bb867234", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "b5fc86d753dd4c281a943b92f0eef02d31af03d7", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "a540f767642f75240a6c35f6a65b69e44cfcea9d", "status": "affected", "versionType": "git"}, {"version": "cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322", "lessThan": "d3968a0d85b211e197f2f4f06268a7031079e0d0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/exynos/exynos_drm_drv.h", "drivers/gpu/drm/exynos/exynos_drm_vidi.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.14", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.18.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2987642c5213508c6c9e718324c0d5289a92c474"}, {"url": "https://git.kernel.org/stable/c/65d1213baffa363f2eb1117b1dc7acc573b890f8"}, {"url": "https://git.kernel.org/stable/c/875fa28690e93ed5296c31d3344556c6bb867234"}, {"url": "https://git.kernel.org/stable/c/21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d"}, {"url": "https://git.kernel.org/stable/c/b5fc86d753dd4c281a943b92f0eef02d31af03d7"}, {"url": "https://git.kernel.org/stable/c/a540f767642f75240a6c35f6a65b69e44cfcea9d"}, {"url": "https://git.kernel.org/stable/c/d3968a0d85b211e197f2f4f06268a7031079e0d0"}], "title": "drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()\n\nvidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to\nobtain a struct vidi_context pointer. However, drm_dev->dev is the\nexynos-drm master device, and the driver_data contained therein is not\nthe vidi component device, but a completely different device.\n\nThis can lead to various bugs, ranging from null pointer dereferences and\ngarbage value accesses to, in unlucky cases, out-of-bounds errors,\nuse-after-free errors, and more.\n\nTo resolve this issue, we need to store/delete the vidi device pointer in\nexynos_drm_private->vidi_dev during bind/unbind, and then read this\nexynos_drm_private->vidi_dev within ioctl() to obtain the correct\nstruct vidi_context pointer."}], "id": "CVE-2026-45956", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:12.157", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2987642c5213508c6c9e718324c0d5289a92c474"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65d1213baffa363f2eb1117b1dc7acc573b890f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/875fa28690e93ed5296c31d3344556c6bb867234"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a540f767642f75240a6c35f6a65b69e44cfcea9d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b5fc86d753dd4c281a943b92f0eef02d31af03d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d3968a0d85b211e197f2f4f06268a7031079e0d0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()", "id": "2481956", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481956"}, "csaw": false, "cwe": "CWE-466", "details": ["A flaw was found in the Linux kernel's drm/exynos component. This vulnerability arises from an incorrect lookup of device information within the vidi_connection_ioctl() function, where the system uses an improper pointer to access data. This can lead to memory corruption, which means the system might try to access or modify memory it shouldn't. The consequences include system instability, such as crashes, and in certain situations, could potentially allow an attacker to gain unauthorized control over the system."], "name": "CVE-2026-45956", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-45956\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45956\nhttps://lore.kernel.org/linux-cve-announce/2026052732-CVE-2026-45956-50e2@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2987642c5213508c6c9e718324c0d5289a92c474)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,65d1213baffa363f2eb1117b1dc7acc573b890f8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,875fa28690e93ed5296c31d3344556c6bb867234)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,21ca24ba51a2c28bcc4df9d7e5a40b0eb66ab76d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b5fc86d753dd4c281a943b92f0eef02d31af03d7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a540f767642f75240a6c35f6a65b69e44cfcea9d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d3968a0d85b211e197f2f4f06268a7031079e0d0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.10.253)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.15.203)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.1.167)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.6.130)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.18.14)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.19.4)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.253,5.10.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.15.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.1.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.14,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.4,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T20:45:25.617792+00:00", "updated": "2026-05-28T06:00:11.348618+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}