CVE-2026-53356

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Fix phys BO pread/pwrite with offset

sg_page() returns struct page pointer not (void *) so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used.

Last impacted platform with overlay or cursor planes using phys mapping was Gen3/945G/Lakeport.

(cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 40f738991058eb3e3530c3006a5bd6fd5e29f035affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 1ec8fc63e9cdb22da54e48e536c9204020416fc6affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 14469860e2e39b7095dcd658d2bad38a11110a68affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 07c33be968d9e0cab6cba38c81850a09942fcb2eaffected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 3bd168dd835b93a3862cd05b0d13c432b115f9d6affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < 32d4c5d328a3ff995420f4f85163e1e403f43628affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < dd51a2eeb93bc6faa892ff9083911dd23f82c187affected
LinuxLinuxc6790dc22312f592c1434577258b31c48c72d52a < d21ad938398bca695a511307de38a65889e3b354affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.259 <= 5.10.*unaffected
LinuxLinux5.15.210 <= 5.15.*unaffected
LinuxLinux6.1.176 <= 6.1.*unaffected
LinuxLinux6.6.143 <= 6.6.*unaffected
LinuxLinux6.12.94 <= 6.12.*unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References