Description
In the Linux kernel, the following vulnerability has been resolved:

auxdisplay: line-display: fix NULL dereference in linedisp_release

linedisp_release() currently retrieves the enclosing struct linedisp via
to_linedisp(). That lookup depends on the attachment list, but the
attachment may already have been removed before put_device() invokes the
release callback. This can happen in linedisp_unregister(), and can also
be reached from some linedisp_register() error paths.

In that case, to_linedisp() returns NULL and linedisp_release()
dereferences it while freeing the display resources.

The struct device released here is the embedded linedisp->dev used by
linedisp_register(), so retrieve the enclosing object directly with
container_of() instead.
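A userspace model of the two lookups described above, added here as an illustration and not taken from the kernel source. The struct layouts, the single-slot `attached` pointer standing in for the attachment list, and the helper names `release_via_lookup`, `release_via_container_of` and `unregister_then_release` are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model: struct layouts and the one-slot attachment list are assumptions. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
struct device { int refs; };
struct linedisp { struct device dev; char *buf; };
static struct linedisp *attached;	/* stand-in for the attachment list */

/* List-based lookup: returns NULL once the attachment has been removed. */
static struct linedisp *to_linedisp(struct device *dev)
{
	return (attached && &attached->dev == dev) ? attached : NULL;
}

/* Pre-fix shape. The NULL check is here only so the model can report the case. */
static int release_via_lookup(struct device *dev)
{
	struct linedisp *ld = to_linedisp(dev);
	if (!ld)
		return -1;	/* the point where a NULL result would be dereferenced */
	free(ld->buf);
	ld->buf = NULL;
	return 0;
}

/* Post-fix shape: dev is embedded, so the parent is found by pointer arithmetic. */
static int release_via_container_of(struct device *dev)
{
	struct linedisp *ld = container_of(dev, struct linedisp, dev);
	free(ld->buf);
	ld->buf = NULL;
	return 0;
}

/* Replays the ordering from the description: detach first, then release. */
static int unregister_then_release(int (*release)(struct device *))
{
	struct linedisp ld = { .buf = malloc(16) };
	attached = &ld;			/* register: attachment added */
	attached = NULL;		/* unregister: attachment removed first */
	int rc = release(&ld.dev);	/* then the release callback runs */
	free(ld.buf);			/* no-op if release already freed and cleared it */
	return rc;
}

int main(void)
{
	printf("lookup: %d\n", unregister_then_release(release_via_lookup));
	printf("container_of: %d\n", unregister_then_release(release_via_container_of));
	return 0;
}
```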
Published: 2026-05-01
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the function that frees a device resource dereferences a null pointer, causing the kernel to crash. The problematic code is executed during the device release phase, potentially during normal operation or error handling paths. A kernel crash may compromise system availability and could allow further exploitation by a privileged attacker to gain unauthorized control.

Affected Systems

The flaw is present in the Linux kernel itself, with no specific version information provided. All Linux kernel deployments that include the auxdisplay and line-display subsystems are affected until the patch is applied.

Risk and Exploitability

The risk of exploitation is high because a null dereference in kernel space can lead to a denial of service or a crash of the entire system. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the nature of the bug suggests that an attacker with sufficient privilege to trigger the release path could destabilize the target. The likely attack vector is a local or privileged process that can invoke the problematic release through device removal or error handling paths, and it is inferred that the flaw does not allow remote exploitation without prior privileged execution.

Generated by OpenCVE AI on May 1, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated Linux kernel that contains the fix for the NULL dereference in linedisp_release
  • Reboot the system into the updated kernel to ensure the new release code is active
  • If an immediate kernel upgrade is not possible, consider disabling the auxdisplay subsystem or preventing device deregistration during normal operation until the patch can be applied

Advisories

No advisories yet.

History

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description (same text as the Description section above)
Title auxdisplay: line-display: fix NULL dereference in linedisp_release
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:44.953Z

Reserved: 2026-03-09T15:48:24.139Z

Link: CVE-2026-31753

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:38.223

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31753

Redhat

Severity :

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31753 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-01T23:30:06Z
