CVE Catalog

CVE-2026-53356

Unknown
Published: Translated: NVD NIST

Summary

A vulnerability was found in the Linux kernel's DRM driver for Intel i915, affecting read/write (pread/pwrite) operations for physical buffers (phys BO). The bug incorrectly scales the offset using the pointer returned by sg_page(), causing access to wrong buffer parts. It primarily impacts Gen3/945G/Lakeport platforms using overlay or cursor planes with physical mapping.

Risk Assessment

The organization may face incorrect graphics hardware behavior, including display errors or potential data integrity violations if the vulnerability is exploited to read/write outside the intended buffer area.

Recommendation

Immediately update the Linux kernel to a version containing commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6 or later, which fixes the offset scaling in pread/pwrite operations for phys BO.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_page() returns struct page pointer not (void *) so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted platform with overlay or cursor planes using phys mapping was Gen3/945G/Lakeport. (cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS