CVE-2026-31753

Published: May 1, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

Vendor	Product	Versions
Linux	Linux	affected `66c93809487e62c4f59ef08625a3fbc0a7de6dd2 - < 625fdac41cfc4ca9e1774a0d31d7985aec2c1d66` affected `66c93809487e62c4f59ef08625a3fbc0a7de6dd2 - < 7f138de156b20d9f9da6f72f90b63c01941d97d3`
Linux	Linux	affected `6.19` unaffected `0 - < 6.19` unaffected `6.19.12 - <= 6.19.` unaffected `7.0 - <= `

References

https://git.kernel.org/stable/c/625fdac41cfc4ca9e1774a0d31d7985aec2c1d66

https://git.kernel.org/stable/c/7f138de156b20d9f9da6f72f90b63c01941d97d3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31753

Description

Affected Products

References