Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53378— drm/colorop: Fix blob property reference tracking in state lifecycle

AI Predicted 5.5 Difficulty: Trivial

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service

Affected Version Matrix 6

VendorProductVersion RangeStatus
LinuxLinuxcfc27680ee208cdf7a61cda817b4158c4142595f< 271059f1d9020e9ac967524e319fbbaa22d0475baffected
cfc27680ee208cdf7a61cda817b4158c4142595f< 235b333e2878d791cee09e1e72f44611a9400114affected
6.19affected
< 6.19unaffected
7.0.9≤ 7.0.*unaffected
7.1≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53378

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
drm/colorop: Fix blob property reference tracking in state lifecycle
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/colorop: Fix blob property reference tracking in state lifecycle The colorop state blob property handling had memory leaks during state duplication, destruction, and reset operations. The implementation failed to follow the established pattern from drm_crtc's handling of DEGAMMA/GAMMA blob properties. Issues fixed: - drm_colorop_atomic_destroy_state() was freeing state memory without releasing the blob reference, causing a leak - drm_colorop_reset() was directly freeing old state with kfree() instead of properly destroying it, leaking blob references - drm_colorop_cleanup() had duplicate blob cleanup code Changes: - Add __drm_atomic_helper_colorop_destroy_state() helper to properly release blob references before freeing state memory - Update drm_colorop_atomic_destroy_state() to call the helper - Fix drm_colorop_reset() to use drm_colorop_atomic_destroy_state() for proper cleanup of old state - Simplify drm_colorop_cleanup() to use the common destruction path This matches the well-tested pattern used by drm_crtc since 2016 and ensures proper reference counting throughout the state lifecycle. Co-developed by Claude Sonnet 4.5.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux cfc27680ee208cdf7a61cda817b4158c4142595f ~ 271059f1d9020e9ac967524e319fbbaa22d0475b -
LinuxLinux 6.19 -

II. Public POCs for CVE-2026-53378

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53378

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53378 (2)

Same Patch Batch · Linux · 2026-07-19 · 431 CVEs total

CVE-2026-63905usbip: vudc: Fix use after free bug in vudc_remove due to race condition
CVE-2026-63891thunderbolt: property: Cap recursion depth in __tb_property_parse_dir()
CVE-2026-63892thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow
CVE-2026-63893thunderbolt: property: Reject u32 wrap in tb_property_entry_valid()
CVE-2026-63895usb: gadget: f_fs: copy only received bytes on short ep0 read
CVE-2026-63894usb: gadget: f_fs: serialize DMABUF cancel against request completion
CVE-2026-63896usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling
CVE-2026-63897USB: serial: mct_u232: fix missing interrupt-in transfer sanity check
CVE-2026-63898USB: serial: mct_u232: fix memory corruption with small endpoint
CVE-2026-63899USB: serial: mxuport: fix memory corruption with small endpoint
CVE-2026-63900USB: serial: keyspan: fix missing indat transfer sanity check
CVE-2026-63901USB: serial: digi_acceleport: fix memory corruption with small endpoints
CVE-2026-63902USB: serial: cypress_m8: validate interrupt packet headers
CVE-2026-63903USB: serial: belkin_sa: validate interrupt status length
CVE-2026-63914xfrm: route MIGRATE notifications to caller's netns
CVE-2026-63911xfrm: iptfs: reset runtime state when cloning SAs
CVE-2026-63912xfrm: esp: restore combined single-frag length gate
CVE-2026-63913netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check
CVE-2026-63910dma-buf: fix UAF in dma_buf_fd() tracepoint
CVE-2026-63915nfc: hci: fix out-of-bounds read in HCP header parsing

Showing top 20 of 431 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53378

No comments yet


Leave a comment