CVE Catalog

CVE-2026-45958

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel that allows direct dereferencing of a user pointer in the vidi_connection_ioctl() function. This enables access to kernel memory from user space.

Risk Assessment

This vulnerability poses a risk of unauthorized access to kernel memory, which could lead to serious security breaches in the system.

Recommendation

It is recommended to update the Linux kernel to the latest version to patch this vulnerability and avoid potential threats.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS