CVE-2026-23039

Linux Kernel 6.18-6.18.6 - Denial of Service via NULL Pointer Dereference in DRM GUD

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every display disconnect. Add guards for those dereferences.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5710245f1

Patch

https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb

Scores

EPSS 0.0001

EPSS Percentile 1.6%

Details

Status published

Products (7)

linux/Kernel 6.18.0 - 6.18.7linux

Linux/Linux < 6.18

Linux/Linux 6.18

Linux/Linux 6.18.7 - 6.18.*

Linux/Linux 6.19

Linux/Linux 73cfd166e045769a1b42d36897accaa6e06b8102 - a255ec07f91d4c73a361a28b7a3d82f5710245f1

Linux/Linux 73cfd166e045769a1b42d36897accaa6e06b8102 - dc2d5ddb193e363187bae2ad358245642d2721fb

Published Jan 31, 2026

Tracked Since Feb 18, 2026