Skip to main content

Linux EUVDEUVD-2026-15348

| CVE-2026-23366 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-25 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15348
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/client: Do not destroy NULL modes

'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that.

AnalysisAI

A NULL pointer dereference vulnerability exists in the Linux kernel's DRM client subsystem within the drm_client_modeset_probe function. When memory allocation for the 'modes' variable fails via kcalloc, the error handling path incorrectly attempts to destroy a NULL pointer, leading to a kernel panic or denial of service. This affects all Linux kernel versions containing this vulnerable code path in the DRM display driver subsystem.

Technical ContextAI

The vulnerability resides in the Direct Rendering Manager (DRM) client code, specifically in the drm_client_modeset_probe function which handles display mode detection and configuration. DRM is a core Linux kernel subsystem responsible for graphics hardware abstraction and display management. The root cause is improper NULL pointer validation in error handling (CWE-476: NULL Pointer Dereference). When kcalloc fails to allocate memory for the modes array, the code jumps to an error label ('out') that invokes modes_destroy without first verifying the pointer is valid. This is a classic memory management error where the cleanup routine does not account for partially initialized state.

RemediationAI

Update the Linux kernel to a patched version containing one of the three commits addressing this vulnerability: 4e3ca5f82346cc23c0a71f1ceb006115ff6b0745, 9aa3e33f0c7f2679ac599a09e3102c8f716a6321, or c601fd5414315fc515f746b499110e46272e7243. The fix adds proper NULL pointer validation in the error cleanup path before calling modes_destroy. Consult your Linux distribution's security advisories (Ubuntu Security Notices, Red Hat Security Advisories, etc.) to identify the specific kernel version available in your distribution that includes this patch. Until patching is completed, minimize the triggering of display mode probing or disable dynamic display enumeration if your hardware and use case permit.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15348 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy