CVE-2026-45958
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that allows direct dereferencing of a user pointer in the vidi_connection_ioctl() function. This enables access to kernel memory from user space.
Risk Assessment
This vulnerability poses a risk of unauthorized access to kernel memory, which could lead to serious security breaches in the system.
Recommendation
It is recommended to update the Linux kernel to the latest version to patch this vulnerability and avoid potential threats.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.

