Vulnerability Details CVE-2026-23149
In the Linux kernel, the following vulnerability has been resolved:
drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl()
Since GEM bo handles are u32 in the uapi and the internal implementation
uses idr_alloc() which uses int ranges, passing a new handle larger than
INT_MAX trivially triggers a kernel warning:
idr_alloc():
...
if (WARN_ON_ONCE(start < 0))
return -EINVAL;
...
Fix it by rejecting new handles above INT_MAX and at the same time make
the end limit calculation more obvious by moving into int domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2026-23149
-
cpe:2.3:o:linux:linux_kernel:6.18
-
cpe:2.3:o:linux:linux_kernel:6.18.1
-
cpe:2.3:o:linux:linux_kernel:6.18.2
-
cpe:2.3:o:linux:linux_kernel:6.18.3
-
cpe:2.3:o:linux:linux_kernel:6.18.4
-
cpe:2.3:o:linux:linux_kernel:6.18.5
-
cpe:2.3:o:linux:linux_kernel:6.18.6
-
cpe:2.3:o:linux:linux_kernel:6.18.7
-
cpe:2.3:o:linux:linux_kernel:6.18.8
-
cpe:2.3:o:linux:linux_kernel:6.19