CVE-2026-53213

Source
https://cve.org/CVERecord?id=CVE-2026-53213
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53213.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53213
Downstream
Related
Published
2026-06-25T08:39:17.552Z
Modified
2026-07-08T08:13:44.769878081Z
Summary
drm/vc4: fix krealloc() memory leak
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: fix krealloc() memory leak

Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter:

MEM = krealloc(MEM, SZ, GFP);

If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer:

TMP = krealloc(MEM, SZ, GFP);
if (!TMP) return;
MEM = TMP;

While on it, use krealloc_array().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53213.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6d45c81d229d71da54d374143e7d6abad4c0cf31
Fixed
30165a09f76eaf34951c818eb5d9d6e4771d76f6
Fixed
fd87d6966041e33ef7d2e5dc59f9a52b71c6ae5f
Fixed
e0ce103e89d61eef70edc1d1ae3bfd4c0aacbc2e
Fixed
c034aa0b1ba5f49cbdf8ef193d6ec714d74aac27
Fixed
02f5e4db57c0cdd7bac89d503b301a093a0fa95c
Fixed
4fc692dc6df5bc777cc1bcebf95179e28594875f
Fixed
5d563a5da8717629ae72f9eadf1e0e340bd1658b

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53213.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53213.json"