CVE-2026-53356

EUVD-2026-40990
In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Fix phys BO pread/pwrite with offset

sg_page() returns struct page pointer not (void *) so the scaling
of pread/pwrite is wrong for phys BO and wrong parts of BO would be
accessed if non-zero offset is used.

Last impacted platform with overlay or cursor planes using phys
mapping was Gen3/945G/Lakeport.

(cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---