CVE-2026-31753
NULL Dereference in Linux Kernel Auxdisplay Line-Display
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's auxdisplay line-display component. Specifically, the function linedisp_release() attempts to retrieve a structure called linedisp using a helper function to_linedisp(). However, this retrieval depends on an attachment list that may have already been removed before linedisp_release() is called. When the attachment is missing, to_linedisp() returns NULL, and linedisp_release() then dereferences this NULL pointer while trying to free display resources, leading to a NULL pointer dereference.
The issue occurs because linedisp_release() relies on an attachment list that might no longer exist due to prior removal during linedisp_unregister() or certain error paths in linedisp_register(). The fix involves retrieving the enclosing object directly using container_of() instead of relying on the attachment list.
How can this vulnerability impact me? :
This vulnerability can cause a NULL pointer dereference in the Linux kernel, which typically results in a kernel crash or system instability. Such a crash could lead to denial of service (DoS) conditions where the affected system becomes unresponsive or requires a reboot.