CVE-2026-53356
Published Jul 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg_page() returns struct page pointer not (void *) so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted platform with overlay or cursor planes using phys mapping was Gen3/945G/Lakeport. (cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)
EPSS — Exploit Prediction
0.0016
Probability of exploitation
0.06%
Percentile rank
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
References
Other References
https://git.kernel.org/stable/c/07c33be968d9e0cab6cba38c81850a09942fcb2e
https://git.kernel.org/stable/c/14469860e2e39b7095dcd658d2bad38a11110a68
https://git.kernel.org/stable/c/1ec8fc63e9cdb22da54e48e536c9204020416fc6
https://git.kernel.org/stable/c/32d4c5d328a3ff995420f4f85163e1e403f43628
https://git.kernel.org/stable/c/3bd168dd835b93a3862cd05b0d13c432b115f9d6
https://git.kernel.org/stable/c/40f738991058eb3e3530c3006a5bd6fd5e29f035
https://git.kernel.org/stable/c/d21ad938398bca695a511307de38a65889e3b354
https://git.kernel.org/stable/c/dd51a2eeb93bc6faa892ff9083911dd23f82c187
Frequently Asked Questions
What is CVE-2026-53356? +
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix phys BO pread/pwrite with offset
sg_page() returns struct page pointer not (void *) so the scaling
of pread/pwrite is wrong for phys BO and wrong parts of BO would be
accessed if non-zero offset is used.
Last impacted platform with overlay or cursor planes using phys
mapping was Gen3/945G/Lakeport.
(cherry picked from commit 3e49a2f85070b2fb672c1e0fdba281a4ea3aebe6)
How do I check if I'm vulnerable to CVE-2026-53356? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.