CVE-2026-23039

Published: Jan 31, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every display disconnect. Add guards for those dereferences.

Vendor	Product	Versions
Linux	Linux	affected `73cfd166e045769a1b42d36897accaa6e06b8102 - < a255ec07f91d4c73a361a28b7a3d82f5710245f1` affected `73cfd166e045769a1b42d36897accaa6e06b8102 - < dc2d5ddb193e363187bae2ad358245642d2721fb`
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `6.18.7 - <= 6.18.` unaffected `6.19 - <= `

References

https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5710245f1

https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23039

Description

Affected Products

References