Skip to main content

Linux Kernel CVE-2026-53068

| EUVDEUVD-2026-38936 HIGH
2026-06-24 Linux GHSA-5pf3-f93j-64w2
7.1
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
7.1 HIGH

Local DRM access by a low-privileged user (AV:L/PR:L), straightforward overflow (AC:L); out-of-bounds access yields info leak (C:H) and kernel crash (A:H) with no integrity impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:01 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.1 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
HIGH 7.1
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/komeda: fix integer overflow in AFBC framebuffer size check

The AFBC framebuffer size validation calculates the minimum required buffer size by adding the AFBC payload size to the framebuffer offset. This addition is performed without checking for integer overflow.

If the addition oveflows, the size check may incorrectly succed and allow userspace to provide an undersized drm_gem_object, potentially leading to out-of-bounds memory access.

Add usage of check_add_overflow() to safely compute the minimum required size and reject the framebuffer if an overflow is detected. This makes the AFBC size validation more robust against malformed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

AnalysisAI

Out-of-bounds memory access in the Linux kernel's Arm Mali 'komeda' DRM display driver allows a local low-privileged user to bypass AFBC framebuffer size validation via an integer overflow, supplying an undersized GEM buffer object that the driver treats as valid. Exploitation requires local access to the DRM device on hardware using the komeda driver, and there is no public exploit identified at time of analysis; EPSS probability is very low (0.16%, 6th percentile). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local DRM device access
Delivery
Craft AFBC framebuffer with overflowing offset/size
Exploit
Submit via DRM ADDFB2 ioctl
Execution
Bypass size check with undersized GEM object
Persist
Trigger out-of-bounds read/write in display pipeline
Impact
Leak kernel memory or crash system

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the DRM device node on a system actually running the drm/komeda driver (Arm Mali D71-class display hardware), plus the ability to submit an AFBC-format framebuffer via DRM ioctls - meaning the AFBC code path must be reachable for the malformed offset/size addition to overflow. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are consistent and point to a real-but-bounded local issue rather than a mass-exploitation priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with access to the DRM device on an Arm Mali komeda-based system (e.g. an embedded Linux device or development board) issues a DRM ADDFB2 ioctl with a crafted AFBC framebuffer whose offset and computed payload size wrap the unsigned addition. …
Remediation Vendor-released patch: update to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 7.0.10, or 6.18.33 (or later) for the matching series, which add the check_add_overflow() guard to the AFBC size validation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory Linux systems running Arm Mali komeda driver and identify those with local user access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53068 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy