CVE-2026-53213
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
In the Linux kernel DRM vc4 driver, a memory leak was discovered due to improper use of krealloc(). Overwriting the original pointer without checking for NULL return value loses the reference to previously allocated memory if reallocation fails.
Risk Assessment
Memory leak can gradually exhaust system resources, potentially leading to denial of service (DoS) or system instability.
Recommendation
Immediately update the Linux kernel to a version containing the fix that uses a temporary variable to check krealloc() result and employs krealloc_array().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc() memory leak Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter: MEM = krealloc(MEM, SZ, GFP); If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer: TMP = krealloc(MEM, SZ, GFP); if (!TMP) return; MEM = TMP; While on it, use krealloc_array().

