CVE-2026-23227

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Exynos Virtual Display driver in the Linux kernel has a concurrency issue due to missing lock protection during memory allocation and deallocation operations. This can lead to a use-after-free condition. The example code provided illustrates a race scenario where a pointer to allocated memory (drm edid) is freed, and then the same memory is reallocated and used, potentially leading to a crash or other unpredictable behavior. The issue involves member variables within the struct vidi context related to memory management. The vidi connection ioctl() and vidi get modes() functions are implicated in the described scenario. The ctx->lock is intended to protect these member variables.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.