CVE Catalog

CVE-2026-53329

Low risk· EPSS 9%
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

In the Linux kernel, the AMD Display driver's dal_vector_reserve() function uses uint32_t arithmetic for allocation size calculation, which can silently wrap to a small value on overflow. This leads to a smaller buffer being allocated via krealloc(), causing heap overflows on subsequent vector appends.

Risk Assessment

An attacker could exploit this vulnerability to trigger a heap overflow, potentially causing system crashes or privilege escalation in environments using the AMD Display driver.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit 37668568641ccc4cc1dbca4923d0a16609dd5707) or later, which replaces krealloc() with krealloc_array() including overflow checking.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_reserve() [Why & How] dal_vector_reserve() computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This would cause krealloc to return a smaller buffer than expected, leading to heap overflows on subsequent vector appends. Replace krealloc() with krealloc_array() which performs an internal overflow check and returns NULL on wrap, preventing the issue. (cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS