Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Use krealloc_array() in dal_vector_reserve()

[Why & How]
dal_vector_reserve() computes the allocation size as
"capacity * vector->struct_size" using uint32_t arithmetic, which can
silently wrap to a small value on overflow. This would cause krealloc to
return a smaller buffer than expected, leading to heap overflows on
subsequent vector appends.

Replace krealloc() with krealloc_array() which performs an internal
overflow check and returns NULL on wrap, preventing the issue.

(cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)
Published: 2026-07-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Thu, 02 Jul 2026 00:15:00 +0000


Wed, 01 Jul 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680

Wed, 01 Jul 2026 13:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_reserve() [Why & How] dal_vector_reserve() computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This would cause krealloc to return a smaller buffer than expected, leading to heap overflows on subsequent vector appends. Replace krealloc() with krealloc_array() which performs an internal overflow check and returns NULL on wrap, preventing the issue. (cherry picked from commit 37668568641ccc4cc1dbca4923d0a16609dd5707)
Title drm/amd/display: Use krealloc_array() in dal_vector_reserve()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-04T11:51:06.905Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53329

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-07-01T00:00:00Z

Links: CVE-2026-53329 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T14:00:03Z

Weaknesses