PT-2026-51860 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-52966
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
drm: Replace old pointer to new idr
Commit 5e28b7b94408 introduced a logical error by failing to replace the
newly generated IDR pointer to old id's pointer at the correct location
within the "change handle" logic; this resulted in the issue reported by
syzbot [1].
Specifically, the new IDR object pointer is intended to replace the original
id's pointer during the normal execution flow.
Additionally, an unnecessary conditional check for the ret exit path has
been removed.
[1]
!RB EMPTY ROOT(&prime fpriv->dmabufs)
WARNING: drivers/gpu/drm/drm prime.c:224 at drm prime destroy file private+0x48/0x60 drivers/gpu/drm/drm prime.c:224, CPU#0: syz.0.17/5833
Call Trace:
drm file free.part.0+0x7e6/0xcc0 drivers/gpu/drm/drm file.c:269
drm file free drivers/gpu/drm/drm file.c:237 [inline]
drm close helper.isra.0+0x186/0x200 drivers/gpu/drm/drm file.c:290
drm release+0x1ab/0x360 drivers/gpu/drm/drm file.c:438
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux