2492455 – (CVE-2026-53068) CVE-2026-53068 kernel: drm/komeda: fix integer overflow in AFBC framebuffer size check

Bug 2492455 (CVE-2026-53068) - CVE-2026-53068 kernel: drm/komeda: fix integer overflow in AFBC framebuffer size check

Summary: CVE-2026-53068 kernel: drm/komeda: fix integer overflow in AFBC framebuffer s...

Keywords:
Status:	NEW
Alias:	CVE-2026-53068
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-24 18:13 UTC by OSIDB Bzimport
Modified:	2026-06-25 08:30 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-24 18:13:01 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/komeda: fix integer overflow in AFBC framebuffer size check

The AFBC framebuffer size validation calculates the minimum required
buffer size by adding the AFBC payload size to the framebuffer offset.
This addition is performed without checking for integer overflow.

If the addition oveflows, the size check may incorrectly succed and
allow userspace to provide an undersized drm_gem_object, potentially
leading to out-of-bounds memory access.

Add usage of check_add_overflow() to safely compute the minimum
required size and reject the framebuffer if an overflow is detected.
This makes the AFBC size validation more robust against malformed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Comment 1 Mauro Matteo Cascella 2026-06-25 08:27:07 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062404-CVE-2026-53068-a99a@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.