Description
In the Linux kernel, the following vulnerability has been resolved:

auxdisplay: line-display: fix NULL dereference in linedisp_release

linedisp_release() currently retrieves the enclosing struct linedisp via
to_linedisp(). That lookup depends on the attachment list, but the
attachment may already have been removed before put_device() invokes the
release callback. This can happen in linedisp_unregister(), and can also
be reached from some linedisp_register() error paths.

In that case, to_linedisp() returns NULL and linedisp_release()
dereferences it while freeing the display resources.

The struct device released here is the embedded linedisp->dev used by
linedisp_register(), so retrieve the enclosing object directly with
container_of() instead.
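
The failure mode and the fix described above, as an added userspace C model (not the kernel source and not part of the original advisory). The struct layouts, the attachment table and every helper name other than container_of are simplified assumptions.

```c
#include <stddef.h>

/* Userspace model only: layouts and the attachment table are simplified
 * assumptions, not the kernel's definitions. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct device { int unused; };
struct linedisp { int id; struct device dev; };   /* dev is embedded */

#define MAX_ATTACH 4
static struct linedisp *attachments[MAX_ATTACH];  /* constructed stand-in list */

/* Hypothetical helper: attach is (NULL -> ld), detach is (ld -> NULL). */
static void swap_slot(struct linedisp *from, struct linedisp *to)
{
	for (int i = 0; i < MAX_ATTACH; i++)
		if (attachments[i] == from) { attachments[i] = to; return; }
}

/* List-based lookup: returns NULL once the attachment has been removed. */
static struct linedisp *lookup_via_list(struct device *dev)
{
	for (int i = 0; i < MAX_ATTACH; i++)
		if (attachments[i] && &attachments[i]->dev == dev)
			return attachments[i];
	return NULL;
}

/* What a release callback would see when it runs after the detach. */
struct release_view { struct linedisp *via_list, *via_container; };

static struct release_view unregister_then_release(struct linedisp *ld)
{
	struct release_view v;
	swap_slot(ld, NULL);                       /* attachment removed first */
	v.via_list = lookup_via_list(&ld->dev);    /* pre-fix style lookup */
	v.via_container = container_of(&ld->dev, struct linedisp, dev);
	return v;
}

int main(void)
{
	struct linedisp ld = { .id = 7 };
	swap_slot(NULL, &ld);
	struct release_view v = unregister_then_release(&ld);
	return (v.via_list == NULL && v.via_container == &ld) ? 0 : 1;
}
```

The container_of() result does not depend on any list state, which is why it stays valid regardless of the order in which detach and release happen.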
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference in the function that frees a device in the auxdisplay line‑display subsystem. When the attachment list has already been pruned, the helper that locates the containing object returns NULL and the subsequent dereference aborts the kernel, producing a system crash. The only consequence stated is a loss of availability; no evidence of privilege escalation or data modification is provided.

Affected Systems

The affected code is in the Linux kernel; the CPE list covers all kernel releases, including the 7.0 release candidates rc1 through rc6. No specific version numbers are supplied, so any kernel that includes the auxdisplay line-display code and has not yet received the fix is vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity and the EPSS value of <1% reflects a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalogue. The error is triggered during the device release phase, so the likely attack vector is a local or privileged process that can cause the device to be detached or that experiences an error path during registration. Because the description does not mention remote or other vectors, the exploitability is confined to processes that have the capability to invoke the release callback.

Generated by OpenCVE AI on May 8, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the commit fixing the NULL dereference in linedisp_release
  • Reboot the system so the updated kernel code is active
  • If an immediate upgrade is not feasible, disable or unload the auxdisplay subsystem or prevent device deregistration until a patch can be applied

Advisories

No advisories yet.

History

Fri, 08 May 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Metrics cvssV3_1: score 5.5, vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H


Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.
Title auxdisplay: line-display: fix NULL dereference in linedisp_release
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:15:08.690Z

Reserved: 2026-03-09T15:48:24.139Z

Link: CVE-2026-31753

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-01T15:16:38.223

Modified: 2026-05-08T18:52:16.810

Link: CVE-2026-31753

Redhat

Severity:

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31753 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T21:15:05Z

Weaknesses