Linux Kernel: NULL Pointer Deref in DRM Client Modeset Probe
CVE-2026-23366 Published on March 25, 2026
drm/client: Do not destroy NULL modes
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Do not destroy NULL modes
'modes' in drm_client_modeset_probe may fail to kcalloc. If this
occurs, we jump to 'out', calling modes_destroy on it, which
dereferences it. This may result in a NULL pointer dereference in the
error case. Prevent that.
Products Associated with CVE-2026-23366
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 3039cc0c0653c6e15130a8719c3237329a954670 and below 4e3ca5f82346cc23c0a71f1ceb006115ff6b0745 is affected.
- Version 3039cc0c0653c6e15130a8719c3237329a954670 and below 9aa3e33f0c7f2679ac599a09e3102c8f716a6321 is affected.
- Version 3039cc0c0653c6e15130a8719c3237329a954670 and below c601fd5414315fc515f746b499110e46272e7243 is affected.
- Version 6.16 is affected.
- Before 6.16 is unaffected.
- Version 6.18.17, <= 6.18.* is unaffected.
- Version 6.19.7, <= 6.19.* is unaffected.
- Version 7.0-rc2, <= * is unaffected.