CVE-2026-23366

Published: Mar 25, 2026Modified: Apr 24, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that.

Affected (10)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.16.1 to 6.18.17
Linux Linux Kernel	From 6.19 to 6.19.7
Linux Linux Kernel	Version 6.16
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5
Linux Linux Kernel	Version 7.0 rc6
Linux Linux Kernel	Version 7.0 rc7

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (3)

https://git.kernel.org/stable/c/4e3ca5f82346cc23c0a71f1ceb006115ff6b0745

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9aa3e33f0c7f2679ac599a09e3102c8f716a6321

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c601fd5414315fc515f746b499110e46272e7243

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.