Skip to main content

Linux Kernel CVE-2026-45958

| EUVDEUVD-2026-32242 HIGH
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-x43q-w948-5wxq
7.1
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
MEDIUM
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:31 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.1 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: fix to avoid directly dereferencing user pointer

In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel.

This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.

AnalysisAI

Local privilege escalation and kernel memory corruption in the Linux kernel's Exynos DRM (drm/exynos) vidi driver allows a low-privileged local user to access arbitrary kernel memory by exploiting an unsafe user pointer dereference in vidi_connection_ioctl(). The flaw affects multiple kernel branches up to 6.18.14 and is fixed in stable releases 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.77, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 7th percentile).

Technical ContextAI

The vulnerability resides in the Samsung Exynos Display Rendering Manager (DRM) component, specifically the Virtual Display (VIDI) driver used to emulate display connections for testing and headless scenarios. In vidi_connection_ioctl(), the kernel directly dereferences vidi->edid, a pointer supplied by user space, without first copying the EDID (Extended Display Identification Data) payload into kernel memory via copy_from_user(). This is a classic missing-copy_from_user / unsafe userspace pointer dereference pattern (conceptually CWE-822: Untrusted Pointer Dereference, though NVD lists no CWE), which breaks the user/kernel address-space boundary and enables an attacker who controls the pointer value to make the kernel read from or operate on arbitrary kernel addresses.

RemediationAI

Upgrade to a patched stable kernel: 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.77, 6.18.14, 6.19.4, or 7.0 or later, per the EUVD-listed fix versions; distribution users should apply their vendor's backported kernel update once it incorporates the corresponding stable commit (see the git.kernel.org/stable commit references above). As a compensating control until patched, disable or unload the exynos_drm_vidi module (rmmod exynos_drm_vidi and blacklist it via /etc/modprobe.d/) on systems that do not require Exynos virtual display functionality - the side effect is loss of the VIDI test/emulation path, which is generally only used in development and headless display testing. On multi-user Exynos-based devices, restrict local shell access and tighten DRM device node permissions (e.g., /dev/dri/*) to trusted users, accepting the trade-off of reduced unprivileged access to graphics APIs.

CVE-2024-7399 HIGH POC
8.8 Aug 12

Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att

CVE-2025-4632 CRITICAL POC
9.8 May 13

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary

CVE-2012-4333 CRITICAL POC
10.0 Aug 14

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0

CVE-2017-16524 HIGH POC
8.8 Nov 06

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u

CVE-2015-8279 HIGH POC
8.6 Jan 15

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un

CVE-2017-17692 HIGH POC
7.5 Dec 21

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat

CVE-2012-6429 CRITICAL POC
10.0 Apr 04

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7

CVE-2012-4329 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart

CVE-2012-4330 HIGH POC
7.8 Aug 14

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long

CVE-2012-4334 CRITICAL POC
10.0 Aug 14

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v

CVE-2015-5473 CRITICAL
9.8 Jun 01

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary

CVE-2012-4250 CRITICAL POC
9.3 Aug 13

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-45958 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy