
CVE-2026-23227

Published: February 18, 2026 · Updated: Feb 23, 2026

EPSS: 0.02% probability of exploitation in 30 days (percentile: 4.5th)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free

Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which easily causes concurrency problem.

For example, use-after-free can occur in race scenario like this:

```
CPU0                          CPU1                          CPU2
----                          ----                          ----
vidi_connection_ioctl()
  if (vidi->connection) // true
    drm_edid = drm_edid_alloc(); // alloc drm_edid
    ...
    ctx->raw_edid = drm_edid;
    ...
                                                            drm_mode_getconnector()
                                                              drm_helper_probe_single_connector_modes()
                                                                vidi_get_modes()
                                                                  if (ctx->raw_edid) // true
                                                                    drm_edid_dup(ctx->raw_edid);
                                                                      if (!drm_edid) // false
                                                                      ...
                              vidi_connection_ioctl()
                                if (vidi->connection) // false
                                  drm_edid_free(ctx->raw_edid); // free drm_edid
                                  ...
                                                                      drm_edid_alloc(drm_edid->edid)
                                                                        kmemdup(edid); // UAF!!
                                                                        ...
```

To prevent these vulns, at least in vidi_context, member variables related to memory alloc/free should be protected with ctx->lock.

NVD Source
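
The locking pattern the description calls for, as an added example: this is a user-space model written for this page, not the kernel driver or the upstream patch. `struct vidi_model`, `model_set_connection()` and `model_dup_edid()` are hypothetical names, and a pthread mutex stands in for `ctx->lock`.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

#define EDID_LEN 128            /* size of one base EDID block */

/* User-space stand-in for the driver context (hypothetical names). */
struct vidi_model {
    pthread_mutex_t lock;       /* plays the role of ctx->lock */
    unsigned char *raw_edid;    /* plays the role of ctx->raw_edid */
};

/* connection != 0 installs a fresh buffer, connection == 0 drops it.
 * The free and the pointer update both happen with the lock held. */
int model_set_connection(struct vidi_model *m, int connection,
                         unsigned char fill)
{
    unsigned char *fresh = NULL;

    if (connection) {
        fresh = malloc(EDID_LEN);       /* allocate before taking the lock */
        if (!fresh)
            return -1;
        memset(fresh, fill, EDID_LEN);
    }
    pthread_mutex_lock(&m->lock);
    free(m->raw_edid);                  /* no reader can be mid-copy here */
    m->raw_edid = fresh;
    pthread_mutex_unlock(&m->lock);
    return 0;
}

/* Reader path: the NULL check and the copy are one critical section, so
 * the buffer cannot be freed between them. The caller frees the copy. */
unsigned char *model_dup_edid(struct vidi_model *m)
{
    unsigned char *copy = NULL;

    pthread_mutex_lock(&m->lock);
    if (m->raw_edid) {
        copy = malloc(EDID_LEN);
        if (copy)
            memcpy(copy, m->raw_edid, EDID_LEN);
    }
    pthread_mutex_unlock(&m->lock);
    return copy;
}
```

Because the reader returns a private copy made under the lock, a later disconnect can free the shared buffer without invalidating anything the reader still holds.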

Technical Analysis

CVE-2026-23227 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-23227
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Feb 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23227 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.