SB20260625101 - Integer overflow in Linux kernel display komeda driver
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-53068)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause an out-of-bounds memory access.
The vulnerability exists due to integer overflow in the AFBC framebuffer size check in komeda_framebuffer.c when validating a userspace-supplied AFBC framebuffer object. A local user can provide an undersized drm_gem_object with crafted size-related values to cause an out-of-bounds memory access.
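The bug class described above, shown as an added example that is neither the komeda driver source nor the upstream fix: a size check whose 32-bit arithmetic wraps, beside an overflow-checked form. The `fb_req` struct, its field names, the size formula and all sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a framebuffer size check. Field names and the size
 * formula are assumptions for illustration, not the komeda driver source. */
struct fb_req {
    uint32_t n_blocks;     /* superblock count derived from width/height */
    uint32_t block_bytes;  /* payload bytes per superblock */
    uint32_t header_bytes; /* header area placed before the payload */
    uint32_t offset;       /* userspace-supplied offset into the object */
};

/* Wrapping check: 32-bit arithmetic can wrap to a small value that passes. */
bool size_ok_wrapping(const struct fb_req *r, size_t obj_size)
{
    uint32_t min_size = r->header_bytes + r->n_blocks * r->block_bytes + r->offset;
    return min_size <= obj_size;
}

/* Hardened check: any overflow rejects the request. The kernel's
 * check_mul_overflow()/check_add_overflow() wrap these same builtins. */
bool size_ok_checked(const struct fb_req *r, size_t obj_size)
{
    uint32_t payload, total;

    if (__builtin_mul_overflow(r->n_blocks, r->block_bytes, &payload))
        return false;
    if (__builtin_add_overflow(payload, r->header_bytes, &total))
        return false;
    if (__builtin_add_overflow(total, r->offset, &total))
        return false;
    return total <= obj_size;
}

int main(void)
{
    /* Constructed values: 0x10000 * 0x10000 wraps to 0 in 32 bits. */
    struct fb_req wrap = { 0x10000, 0x10000, 4096, 0 };
    struct fb_req sane = { 16, 512, 256, 0 };

    printf("wrap: wrapping=%d checked=%d\n",
           size_ok_wrapping(&wrap, 4096), size_ok_checked(&wrap, 4096));
    printf("sane: wrapping=%d checked=%d\n",
           size_ok_wrapping(&sane, 8448), size_ok_checked(&sane, 8448));
    return 0;
}
```

The wrapping check accepts an object far smaller than the true requirement because the computed minimum size collapses to the header size alone; the checked form rejects the same request before any comparison is made.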
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02ff8a7d3d0eecc546b9ab4c07b3d7c65d485583
- https://git.kernel.org/stable/c/779ec12c85c9e4547519e3903a371a3b26a289de
- https://git.kernel.org/stable/c/8165e8b28fdf392c2c7412518d602b4f193812a8
- https://git.kernel.org/stable/c/872d923b852705054bc099af663da862fdc1097d
- https://git.kernel.org/stable/c/a3a2a9bdc0f9c2d863a5a290cb2d4a565f7268e7
- https://git.kernel.org/stable/c/d8a541906860aa3519b1874780d933c766918a7c
- https://git.kernel.org/stable/c/e27b58095d7d3ac72f230e318838dee956258460
- https://git.kernel.org/stable/c/fe1f80f8f6e8611ac6349b9d464e8750443390cf