CVE-2026-23366

MEDIUM · CVSS 3.1 base score 5.5 · EPSS 2.2%
Published Mar 25, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/client: Do not destroy NULL modes

'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that.
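An added example, not the kernel's code or the upstream patch: a userspace C model of the error path the description walks through, with a NULL check placed before the cleanup call at the shared exit label. The names model_calloc, model_modes_destroy, model_probe and the fail_alloc hook are assumptions made for illustration; where the upstream fix places its check is not shown on this page.

```c
/* Userspace model of the error path described above. All names are
 * hypothetical stand-ins, not the kernel's code. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

struct mode { int w, h; };

static int fail_alloc;      /* hook: simulate allocation failure */
static int destroyed;       /* counts entries released by cleanup */

static void *model_calloc(size_t n, size_t sz)
{
    return fail_alloc ? NULL : calloc(n, sz);
}

/* Cleanup helper: indexes into modes[], so it must never see NULL. */
static void model_modes_destroy(struct mode **modes, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        free(modes[i]);     /* a NULL 'modes' would fault on this load */
        destroyed++;
    }
}

int model_probe(size_t count)
{
    struct mode **modes;
    int ret = 0;

    modes = model_calloc(count, sizeof(*modes));
    if (!modes) {
        ret = -ENOMEM;
        goto out;           /* shared exit label, as in the description */
    }
    for (size_t i = 0; i < count; i++)
        modes[i] = model_calloc(1, sizeof(**modes));
out:
    if (modes)              /* guard: nothing to destroy if allocation failed */
        model_modes_destroy(modes, count);
    free(modes);            /* free(NULL) is a no-op */
    return ret;
}

int main(void)
{
    fail_alloc = 1;         /* exercise the failure path */
    return model_probe(4) == -ENOMEM ? 0 : 1;
}
```

Without the `if (modes)` check, the failure path reaches the cleanup loop with a NULL array and faults on the first element access, which is the CWE-476 condition this entry records.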

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.16.1 – <6.18.17
linux    linux_kernel   *         ≥6.19 – <6.19.7
linux    linux_kernel   6.16      any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/4e3ca5f82346cc23c0a71f1ceb006115ff6b0745
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aa3e33f0c7f2679ac599a09e3102c8f716a6321
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c601fd5414315fc515f746b499110e46272e7243
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4e3ca5f82346cc23c0a71f1ceb006115ff6b0745
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aa3e33f0c7f2679ac599a09e3102c8f716a6321
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c601fd5414315fc515f746b499110e46272e7243
    Patch