7.1

CVE-2026-53068

drm/komeda: fix integer overflow in AFBC framebuffer size check

In the Linux kernel, the following vulnerability has been resolved:

drm/komeda: fix integer overflow in AFBC framebuffer size check

The AFBC framebuffer size validation calculates the minimum required
buffer size by adding the AFBC payload size to the framebuffer offset.
This addition is performed without checking for integer overflow.

If the addition oveflows, the size check may incorrectly succed and
allow userspace to provide an undersized drm_gem_object, potentially
leading to out-of-bounds memory access.

Add usage of check_add_overflow() to safely compute the minimum
required size and reject the framebuffer if an overflow is detected.
This makes the AFBC size validation more robust against malformed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < a3a2a9bdc0f9c2d863a5a290cb2d4a565f7268e7
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < e27b58095d7d3ac72f230e318838dee956258460
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < 02ff8a7d3d0eecc546b9ab4c07b3d7c65d485583
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < d8a541906860aa3519b1874780d933c766918a7c
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < 8165e8b28fdf392c2c7412518d602b4f193812a8
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < fe1f80f8f6e8611ac6349b9d464e8750443390cf
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < 872d923b852705054bc099af663da862fdc1097d
Status affected
Version 65ad2392dd6d1691db93e82b08d3311298b9d64a
Version < 779ec12c85c9e4547519e3903a371a3b26a289de
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.3
Status affected
Version 0
Version < 5.3
Status unaffected
Version <= 5.10.*
Version 5.10.258
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.019
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/a3a2a9bdc0f9c2d863a5a290cb2d4a565f7268e7
https://git.kernel.org/stable/c/e27b58095d7d3ac72f230e318838dee956258460
https://git.kernel.org/stable/c/02ff8a7d3d0eecc546b9ab4c07b3d7c65d485583
https://git.kernel.org/stable/c/d8a541906860aa3519b1874780d933c766918a7c
https://git.kernel.org/stable/c/8165e8b28fdf392c2c7412518d602b4f193812a8
https://git.kernel.org/stable/c/fe1f80f8f6e8611ac6349b9d464e8750443390cf
https://git.kernel.org/stable/c/872d923b852705054bc099af663da862fdc1097d
https://git.kernel.org/stable/c/779ec12c85c9e4547519e3903a371a3b26a289de