CVE-2026-53213 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc() memory leak Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter: MEM = krealloc(MEM, SZ, GFP); If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer: TMP = krealloc(MEM, SZ, GFP); if (!TMP) return; MEM = TMP; While on it, use krealloc_array().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://git.kernel.org/stable/c/02f5e4db57c0cdd7bac89d503b301a093a0fa95c
https://git.kernel.org/stable/c/30165a09f76eaf34951c818eb5d9d6e4771d76f6
https://git.kernel.org/stable/c/4fc692dc6df5bc777cc1bcebf95179e28594875f
https://git.kernel.org/stable/c/5d563a5da8717629ae72f9eadf1e0e340bd1658b
https://git.kernel.org/stable/c/c034aa0b1ba5f49cbdf8ef193d6ec714d74aac27
https://git.kernel.org/stable/c/e0ce103e89d61eef70edc1d1ae3bfd4c0aacbc2e
https://git.kernel.org/stable/c/fd87d6966041e33ef7d2e5dc59f9a52b71c6ae5f

History

Thu, 25 Jun 2026 11:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/vc4: fix krealloc() memory leak Don't just overwrite the original pointer passed to krealloc() with its return value without checking latter: MEM = krealloc(MEM, SZ, GFP); If krealloc() returns NULL, that erases the pointer to the still allocated memory, hence leaks this memory. Instead, use a temporary variable, check it's not NULL and only then assign it to the original pointer: TMP = krealloc(MEM, SZ, GFP); if (!TMP) return; MEM = TMP; While on it, use krealloc_array().
Title		drm/vc4: fix krealloc() memory leak
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/02f5e4db57c0cdd7bac89d503b301a093a0fa95c https://git.kernel.org/stable/c/30165a09f76eaf34951c818eb5d9d6e4771d76f6 https://git.kernel.org/stable/c/4fc692dc6df5bc777cc1bcebf95179e28594875f https://git.kernel.org/stable/c/5d563a5da8717629ae72f9eadf1e0e340bd1658b https://git.kernel.org/stable/c/c034aa0b1ba5f49cbdf8ef193d6ec714d74aac27 https://git.kernel.org/stable/c/e0ce103e89d61eef70edc1d1ae3bfd4c0aacbc2e https://git.kernel.org/stable/c/fd87d6966041e33ef7d2e5dc59f9a52b71c6ae5f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:17.552Z

Updated: 2026-06-25T08:39:17.552Z

Reserved: 2026-06-09T07:44:35.392Z

Link: CVE-2026-53213

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T11:30:06Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object