Untrusted Pointer Dereference in Linux kernel - CVE-2026-45958
Published: May 28, 2026
Vulnerability identifier: #VU132531
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45958
CWE-ID: CWE-822
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to access arbitrary kernel memory.
The vulnerability exists due to improper access of a user pointer in vidi_connection_ioctl() when handling a user-supplied edid pointer. A local user can supply a crafted pointer to access arbitrary kernel memory.
How to mitigate CVE-2026-45958
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/13537f7f6d28a87ee2e496e071b6ad9541905f23
- https://git.kernel.org/stable/c/235d702b771416b8a61e81bb09ba39282e4268fd
- https://git.kernel.org/stable/c/2e147aa3169b83eaf044776f81d86235bf147de1
- https://git.kernel.org/stable/c/4949e32387fe315b59ad5f422c9fc52836fbdd1e
- https://git.kernel.org/stable/c/4c4193829109f38b2855de77981adc2e066286c7
- https://git.kernel.org/stable/c/7efb6a4e6b1b523e744d17e6249757ed97caae7c
- https://git.kernel.org/stable/c/c2914c0ca7557c6c5c845621cb6d6c9f26ab5a8c
- https://git.kernel.org/stable/c/d4c98c077c7fb2dfdece7d605e694b5ea2665085