CVE-2026-23366

MEDIUM

drm/client: Do not destroy NULL modes

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/4e3ca5f82346cc23c0a71f1ceb006115ff6b0745

https://git.kernel.org/stable/c/9aa3e33f0c7f2679ac599a09e3102c8f716a6321

https://git.kernel.org/stable/c/c601fd5414315fc515f746b499110e46272e7243

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 6.16.0 - 6.18.17linux

linux/Kernel 6.19.0 - 6.19.7linux

Linux/Linux < 6.16

Linux/Linux 3039cc0c0653c6e15130a8719c3237329a954670 - 4e3ca5f82346cc23c0a71f1ceb006115ff6b0745

Linux/Linux 3039cc0c0653c6e15130a8719c3237329a954670 - 9aa3e33f0c7f2679ac599a09e3102c8f716a6321

Linux/Linux 3039cc0c0653c6e15130a8719c3237329a954670 - c601fd5414315fc515f746b499110e46272e7243

Linux/Linux 6.16

Linux/Linux 6.18.17 - 6.18.*

Linux/Linux 6.19.7 - 6.19.*

Linux/Linux 7.0

... and 4 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026