CVE-2026-45956
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the vidi_connection_ioctl() function, which may lead to errors such as null pointer dereferences and out-of-bounds errors. The issue arises from incorrectly obtaining the vidi context pointer from the wrong master device.
Risk Assessment
This vulnerability could lead to serious system errors, including application crashes and potential security holes that could be exploited by malicious software.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed. Additionally, monitor systems for unauthorized access.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() vidi_connection_ioctl() retrieves the driver_data from drm_dev->dev to obtain a struct vidi_context pointer. However, drm_dev->dev is the exynos-drm master device, and the driver_data contained therein is not the vidi component device, but a completely different device. This can lead to various bugs, ranging from null pointer dereferences and garbage value accesses to, in unlucky cases, out-of-bounds errors, use-after-free errors, and more. To resolve this issue, we need to store/delete the vidi device pointer in exynos_drm_private->vidi_dev during bind/unbind, and then read this exynos_drm_private->vidi_dev within ioctl() to obtain the correct struct vidi_context pointer.

