CVE-2026-23227

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 18/02/2026
Last modified: 02/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

Exynos Virtual Display driver performs memory alloc/free operations
without lock protection, which easily causes concurrency problem.

For example, use-after-free can occur in race scenario like this:
```
        CPU0                            CPU1                            CPU2
        ----                            ----                            ----
  vidi_connection_ioctl()
    if (vidi->connection) // true
      drm_edid = drm_edid_alloc(); // alloc drm_edid
      ...
      ctx->raw_edid = drm_edid;
      ...
                                                                drm_mode_getconnector()
                                                                  drm_helper_probe_single_connector_modes()
                                                                    vidi_get_modes()
                                                                      if (ctx->raw_edid) // true
                                                                        drm_edid_dup(ctx->raw_edid);
                                                                          if (!drm_edid) // false
                                                                          ...
                                vidi_connection_ioctl()
                                  if (vidi->connection) // false
                                    drm_edid_free(ctx->raw_edid); // free drm_edid
                                    ...
                                                                          drm_edid_alloc(drm_edid->edid)
                                                                            kmemdup(edid); // UAF!!
                                                                            ...
```

To prevent these vulns, at least in vidi_context, member variables related
to memory alloc/free should be protected with ctx->lock.
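The locking rule described above, as an added example that is not the kernel patch or the driver's code: a userspace C model using pthreads, in which `vidi_model_ctx`, `model_set_connection` and `model_get_modes` are hypothetical stand-ins for the driver context, the connection ioctl and `vidi_get_modes()`. The pointer is only read, replaced or duplicated while the lock is held, so the free can never overlap the copy.

```c
/* Userspace model (constructed, not the driver's code) of guarding raw_edid with ctx->lock. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#define EDID_LEN 128
struct vidi_model_ctx { pthread_mutex_t lock; unsigned char *raw_edid; };

/* Models the connection ioctl: connect installs a new EDID, disconnect frees it. */
static void model_set_connection(struct vidi_model_ctx *ctx, int connect) {
    unsigned char *fresh = connect ? malloc(EDID_LEN) : NULL, *old;
    if (fresh) memset(fresh, 0xA5, EDID_LEN);
    pthread_mutex_lock(&ctx->lock);
    old = ctx->raw_edid;
    ctx->raw_edid = fresh;
    pthread_mutex_unlock(&ctx->lock);
    free(old); /* unpublished under the lock, so no reader can still be using it */
}

/* Models vidi_get_modes(): copy under the lock. 1 = copied, 0 = no EDID, -1 = corrupt. */
static int model_get_modes(struct vidi_model_ctx *ctx) {
    unsigned char copy[EDID_LEN] = {0};
    pthread_mutex_lock(&ctx->lock);
    int have = ctx->raw_edid != NULL;
    if (have) memcpy(copy, ctx->raw_edid, EDID_LEN);
    pthread_mutex_unlock(&ctx->lock);
    for (int i = 0; have && i < EDID_LEN; i++)
        if (copy[i] != 0xA5) return -1;
    return have;
}

static void *toggler(void *arg) {
    for (int i = 0; i < 20000; i++) model_set_connection(arg, i & 1);
    return NULL;
}
static void *reader(void *arg) {
    long bad = 0;
    for (int i = 0; i < 20000; i++) bad += model_get_modes(arg) < 0;
    return (void *)bad;
}
/* Two togglers race one reader; returns the number of corrupt reads observed. */
long run_model(void) {
    struct vidi_model_ctx ctx = { PTHREAD_MUTEX_INITIALIZER, NULL };
    void *(*fn[3])(void *) = { toggler, toggler, reader };
    pthread_t t[3]; void *bad = NULL;
    for (int i = 0; i < 3; i++) pthread_create(&t[i], NULL, fn[i], &ctx);
    for (int i = 0; i < 3; i++) pthread_join(t[i], i == 2 ? &bad : NULL);
    model_set_connection(&ctx, 0); /* release whatever is still installed */
    return (long)bad;
}
int main(void) { return run_model() != 0; }
```

Building the model with `-fsanitize=thread` or `-fsanitize=address` and temporarily removing the lock calls makes the sanitizer report the same class of race the advisory describes.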

Vulnerable products and versions

CPE                                             From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    3.6 (including)   6.12.77 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.13 (including)  6.18.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.19 (including)  6.19.1 (excluding)