CVE-2026-53135

Source
https://cve.org/CVERecord?id=CVE-2026-53135
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53135.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53135
Downstream
Related
Published
2026-06-25T08:38:24.216Z
Modified
2026-07-09T18:29:36.060984111Z
Summary
drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs

[Why & How] dpsdpmessagedebugfswrite() dereferences connector->base.state->crtc without checking for NULL. A connector can be connected but not bound to any CRTC (e.g. after hot-plug before the next atomic commit), causing a kernel crash when writing to the sdp_message debugfs node.

The function also ignores the user-provided size argument and always passes 36 bytes to copyfromuser(), reading past the user buffer when size < 36.

Fix both issues by: - Returning -ENODEV when connector->base.state or state->crtc is NULL - Clamping write_size to min(size, sizeof(data))

(cherry picked from commit 6ab4c36a522842ff70474a1c0af2e40e50fc8300)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53135.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c7ba3653e9773256b2b08508a2ed2ca28ea7566b
Fixed
ee9cfcf77a8e8af637396dc00966df5f701e661c
Fixed
b781f90a9528555c709e59789550893581ef0be4
Fixed
a2de1d71891a038a9346b2c1a72b88c8350f2479
Fixed
7fc4fab4acc307ad2903312c195872b2953d32c3
Fixed
7ae95c0275c330b5dbae806f8e431720edad776f
Fixed
bb6f705b73b5f191f14ad004e2c8c4b615806187
Fixed
c90954cdea4d6998ec345de0d840d030c145b89e
Fixed
adf67034b1f61f7119295208085bfd43f85f56af

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53135.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53135.json"