CVE-2026-45958

HIGHNVD 7.1

7.1

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: fix to avoid directly dereferencing user pointer

In vidi_connection_ioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel.

This allows arbitrary kernel memory access from the user space, so instead of directly accessing the user pointer in the kernel, we should modify it to copy edid to kernel memory using copy_from_user() and use it.

CVSS v3: 7.1
EG Score: 0.0(none)
EPSS: 1.9%
KEV: Not listed

Published

May 27, 2026

Last Modified

May 30, 2026

References (8)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/13537f7f6d28a87ee2e496e071b6ad9541905f23
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/235d702b771416b8a61e81bb09ba39282e4268fd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2e147aa3169b83eaf044776f81d86235bf147de1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4949e32387fe315b59ad5f422c9fc52836fbdd1e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4c4193829109f38b2855de77981adc2e066286c7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7efb6a4e6b1b523e744d17e6249757ed97caae7c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c2914c0ca7557c6c5c845621cb6d6c9f26ab5a8c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d4c98c077c7fb2dfdece7d605e694b5ea2665085

Vendor Advisories for CVE-2026-45958(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 9× in last 7d / 9× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-05-31 22:30 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-27 14:15 UTCEG score recompute

Frequently asked(5)

What is CVE-2026-45958?

CVE-2026-45958 is a high vulnerability published on May 27, 2026. In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: fix to avoid directly dereferencing user pointer In vidiconnectionioctl(), vidi->edid(user pointer) is directly dereferenced in the kernel. This allows arbitrary kernel memory access from the user space, so…

When was CVE-2026-45958 disclosed?

CVE-2026-45958 was first published in the National Vulnerability Database on May 27, 2026, with the most recent update on May 30, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-45958 actively exploited?

CVE-2026-45958 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 1.9% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2026-45958?

CVE-2026-45958 has a CVSS v3 base score of 7.1 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 0.0.

How do I remediate CVE-2026-45958?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-45958, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-45958

Explore →

Is Your Infrastructure Affected by CVE-2026-45958?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-45958

📅 Published

🔄 Last Modified

🔗 References (8)

📣 Vendor Advisories for CVE-2026-45958(2)