{"id":"CVE-2026-53356","summary":"drm/i915/gem: Fix phys BO pread/pwrite with offset","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Fix phys BO pread/pwrite with offset\n\nsg_page() returns struct page pointer not (void *) so the scaling\nof pread/pwrite is wrong for phys BO and wrong parts of BO would be\naccessed if non-zero offset is used.\n\nLast impacted platform with overlay or cursor planes using phys\nmapping was Gen3/945G/Lakeport.\n\n(cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)","modified":"2026-07-08T08:09:47.302238243Z","published":"2026-07-01T13:32:31.428Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53356.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/07c33be968d9e0cab6cba38c81850a09942fcb2e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/14469860e2e39b7095dcd658d2bad38a11110a68"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ec8fc63e9cdb22da54e48e536c9204020416fc6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/32d4c5d328a3ff995420f4f85163e1e403f43628"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3bd168dd835b93a3862cd05b0d13c432b115f9d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/40f738991058eb3e3530c3006a5bd6fd5e29f035"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d21ad938398bca695a511307de38a65889e3b354"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd51a2eeb93bc6faa892ff9083911dd23f82c187"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53356.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53356"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c6790dc22312f592c1434577258b31c48c72d52a"},{"fixed":"40f738991058eb3e3530c3006a5bd6fd5e29f035"},{"fixed":"1ec8fc63e9cdb22da54e48e536c9204020416fc6"},{"fixed":"14469860e2e39b7095dcd658d2bad38a11110a68"},{"fixed":"07c33be968d9e0cab6cba38c81850a09942fcb2e"},{"fixed":"3bd168dd835b93a3862cd05b0d13c432b115f9d6"},{"fixed":"32d4c5d328a3ff995420f4f85163e1e403f43628"},{"fixed":"dd51a2eeb93bc6faa892ff9083911dd23f82c187"},{"fixed":"d21ad938398bca695a511307de38a65889e3b354"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53356.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.7.0"},{"fixed":"5.10.259"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.210"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.143"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.94"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.36"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53356.json"}}],"schema_version":"1.7.5"}