CVE-2026-23366

Опубликовано: 25 мар. 2026

Источник: redhat

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out', calling modes_destroy on it, which dereferences it. This may result in a NULL pointer dereference in the error case. Prevent that.

A flaw was found in the Linux kernel's Direct Rendering Manager (DRM) client component. This vulnerability occurs when the system attempts to destroy an uninitialized memory pointer, specifically the 'modes' variable within the drm_client_modeset_probe function, after a memory allocation failure. This can lead to a NULL pointer dereference, potentially causing system instability or a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-824

https://bugzilla.redhat.com/show_bug.cgi?id=2451257kernel: drm/client: Do not destroy NULL modes

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2026-23366

nvd

9 дней назад

CVE-2026-23366

debian

9 дней назад

In the Linux kernel, the following vulnerability has been resolved: d ...

GHSA-m3rw-wqqm-pcwv

github

9 дней назад

5.5 Medium

CVSS3