CVE-2026-43123
Awaiting Analysis Awaiting Analysis - Queue
Null Pointer Dereference in Linux Kernel Framebuffer Console

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fb_acquire_newinfo() If fbcon_open() fails when called from con2fb_acquire_newinfo() then info->fbcon_par pointer remains NULL which is later dereferenced. Add check for return value of the function con2fb_acquire_newinfo() to avoid it. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-06
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43123
EUVD
EUVD-2026-27684
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's framebuffer console (fbcon) component. Specifically, when the function fbcon_open() fails during a call from con2fb_acquire_newinfo(), a pointer named fbcon_par remains NULL. Later in the code, this NULL pointer is dereferenced, which can lead to undefined behavior or a system crash. The issue is fixed by adding a check for the return value of con2fb_acquire_newinfo() to prevent dereferencing a NULL pointer.


How can this vulnerability impact me? :

The impact of this vulnerability is that it can cause the Linux kernel to dereference a NULL pointer, potentially leading to a system crash or instability. This could result in denial of service (DoS) conditions where the affected system becomes unresponsive or requires a reboot.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart