CVE-2026-23227 – drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

CVE ID : CVE-2026-23227

Published : Feb. 18, 2026, 4:22 p.m. | 37 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

Exynos Virtual Display driver performs memory alloc/free operations
without lock protection, which easily causes concurrency problem.

For example, use-after-free can occur in race scenario like this:
“`
CPU0 CPU1 CPU2
—- —- —-
vidi_connection_ioctl()
if (vidi->connection) // true
drm_edid = drm_edid_alloc(); // alloc drm_edid
…
ctx->raw_edid = drm_edid;
…
drm_mode_getconnector()
drm_helper_probe_single_connector_modes()
vidi_get_modes()
if (ctx->raw_edid) // true
drm_edid_dup(ctx->raw_edid);
if (!drm_edid) // false
…
vidi_connection_ioctl()
if (vidi->connection) // false
drm_edid_free(ctx->raw_edid); // free drm_edid
…
drm_edid_alloc(drm_edid->edid)
kmemdup(edid); // UAF!!
…
“`

To prevent these vulns, at least in vidi_context, member variables related
to memory alloc/free should be protected with ctx->lock.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…