CVE-2026-53356
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix phys BO pread/pwrite with offset
sg_page() returns struct page pointer not (void *) so the scaling
of pread/pwrite is wrong for phys BO and wrong parts of BO would be
accessed if non-zero offset is used.
Last impacted platform with overlay or cursor planes using phys
mapping was Gen3/945G/Lakeport.
(cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)
Metadata
Severity & Metrics
No CVSS data available.
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Linux | Linux | — | c6790dc22312f592c1434577258b31c48c72d52a < 40f738991058eb3e3530c3006a5bd6fd5e29f035, c6790dc22312f592c1434577258b31c48c72d52a < 1ec8fc63e9cdb22da54e48e536c9204020416fc6, c6790dc22312f592c1434577258b31c48c72d52a < 14469860e2e39b7095dcd658d2bad38a11110a68, c6790dc22312f592c1434577258b31c48c72d52a < 07c33be968d9e0cab6cba38c81850a09942fcb2e … |
| Linux | Linux | — | 5.7, 0 < 5.7, 5.10.259 ≤ 5.10.*, 5.15.210 ≤ 5.15.* … |
References (8)
- https://git.kernel.org/stable/c/40f738991058eb3e3530c3006a5bd6fd5e29f035
- https://git.kernel.org/stable/c/1ec8fc63e9cdb22da54e48e536c9204020416fc6
- https://git.kernel.org/stable/c/14469860e2e39b7095dcd658d2bad38a11110a68
- https://git.kernel.org/stable/c/07c33be968d9e0cab6cba38c81850a09942fcb2e
- https://git.kernel.org/stable/c/3bd168dd835b93a3862cd05b0d13c432b115f9d6
- https://git.kernel.org/stable/c/32d4c5d328a3ff995420f4f85163e1e403f43628
- https://git.kernel.org/stable/c/dd51a2eeb93bc6faa892ff9083911dd23f82c187
- https://git.kernel.org/stable/c/d21ad938398bca695a511307de38a65889e3b354