-

CVE-2026-53329

drm/amd/display: Use krealloc_array() in dal_vector_reserve()

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Use krealloc_array() in dal_vector_reserve()

[Why & How]
dal_vector_reserve() computes the allocation size as
"capacity * vector->struct_size" using uint32_t arithmetic, which can
silently wrap to a small value on overflow. This would cause krealloc to
return a smaller buffer than expected, leading to heap overflows on
subsequent vector appends.

Replace krealloc() with krealloc_array() which performs an internal
overflow check and returns NULL on wrap, preventing the issue.

(cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < 9540b0a4d13e4ede64ae1197d66a176d2149daa9
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < 31180638a33acad12c863132704a76536fb66211
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < b15825deac1acff72638bbc8f05b89ceef8dfb13
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < 201151e120f0062bcda21cad5d007b82725ad23b
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < a914aa802669e073f014dae2e5708633b5cecd34
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < e09689286385a66311ac6922af95339d7a3cef8d
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < de988c7a31f0774f07894cfe4802996f318e2870
Status affected
Version 2004f45ef83f07f43f5da6ede780b08068c7583d
Version < da48bc4461b8a5ebfb9264c9b191a701d8e99009
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.15
Status affected
Version 0
Version < 4.15
Status unaffected
Version <= 5.10.*
Version 5.10.260
Status unaffected
Version <= 5.15.*
Version 5.15.210
Status unaffected
Version <= 6.1.*
Version 6.1.176
Status unaffected
Version <= 6.6.*
Version 6.6.143
Status unaffected
Version <= 6.12.*
Version 6.12.94
Status unaffected
Version <= 6.18.*
Version 6.18.36
Status unaffected
Version <= 7.0.*
Version 7.0.13
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.094
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/31180638a33acad12c863132704a76536fb66211
https://git.kernel.org/stable/c/b15825deac1acff72638bbc8f05b89ceef8dfb13
https://git.kernel.org/stable/c/201151e120f0062bcda21cad5d007b82725ad23b
https://git.kernel.org/stable/c/a914aa802669e073f014dae2e5708633b5cecd34
https://git.kernel.org/stable/c/e09689286385a66311ac6922af95339d7a3cef8d
https://git.kernel.org/stable/c/de988c7a31f0774f07894cfe4802996f318e2870
https://git.kernel.org/stable/c/da48bc4461b8a5ebfb9264c9b191a701d8e99009
https://git.kernel.org/stable/c/9540b0a4d13e4ede64ae1197d66a176d2149daa9