CVE-2026-23227

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which easily causes concurrency problem.

For example, use-after-free can occur in race scenario like this:

    CPU0				CPU1				CPU2
    ----				----				----
  vidi_connection_ioctl()
    if (vidi->connection) // true
      drm_edid = drm_edid_alloc(); // alloc drm_edid
      ...
      ctx->raw_edid = drm_edid;
      ...
                                drm_mode_getconnector()
                                  drm_helper_probe_single_connector_modes()
                                    vidi_get_modes()
                                      if (ctx->raw_edid) // true
                                        drm_edid_dup(ctx->raw_edid);
                                          if (!drm_edid) // false
                                          ...
                vidi_connection_ioctl()
                  if (vidi->connection) // false
                    drm_edid_free(ctx->raw_edid); // free drm_edid
                    ...
                                          drm_edid_alloc(drm_edid->edid)
                                            kmemdup(edid); // UAF!!
                                            ...

To prevent these vulns, at least in vidi_context, member variables related to memory alloc/free should be protected with ctx->lock.

EPSS Score: 0.00152 (0.048)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Use After Free


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in