Description
In the Linux kernel, the following vulnerability has been resolved:

fbcon: check return value of con2fb_acquire_newinfo()

If fbcon_open() fails when called from con2fb_acquire_newinfo() then
info->fbcon_par pointer remains NULL which is later dereferenced.

Add check for return value of the function con2fb_acquire_newinfo() to
avoid it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel's framebuffer console (fbcon) subsystem, con2fb_acquire_newinfo() calls fbcon_open(), which may fail, yet the return value of con2fb_acquire_newinfo() is not checked. Consequently, the info->fbcon_par pointer remains NULL and is later dereferenced, causing a NULL pointer dereference and a kernel panic. This leads to a denial of service by forcing the device to reboot or halt. The weakness corresponds to CWE-476: NULL Pointer Dereference.
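
The pattern described above, as a simplified user-space C model added here for illustration; it is not the kernel's fbcon source or the upstream patch. Every type and function name in it (info_model, acquire_newinfo_model, map_console_unchecked, map_console_checked and the rest) is an assumption chosen to mirror the description.

```c
/* User-space model of the bug class (CWE-476). All names and bodies are
 * illustrative assumptions, not code from the kernel's fbcon driver. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct par_model { int cursor_state; };        /* stands in for the fbcon private data */
struct info_model { struct par_model *par; };  /* stands in for info->fbcon_par */

/* Models the open step: on failure nothing is allocated. */
static int open_model(struct info_model *info, int simulate_failure)
{
    if (simulate_failure)
        return -ENODEV;
    info->par = calloc(1, sizeof(*info->par));
    return info->par ? 0 : -ENOMEM;
}

/* Models the acquire step: propagates the open error, leaving par NULL. */
static int acquire_newinfo_model(struct info_model *info, int simulate_failure)
{
    info->par = NULL;
    return open_model(info, simulate_failure);
}

/* Later use of the private data: dereferences par unconditionally. */
static int use_par(struct info_model *info)
{
    info->par->cursor_state = 1;
    return 0;
}

/* BEFORE: the return value is dropped, so a failed acquire step reaches
 * use_par() with par == NULL (a crash here, an oops in kernel context). */
int map_console_unchecked(struct info_model *info, int simulate_failure)
{
    acquire_newinfo_model(info, simulate_failure);
    return use_par(info);
}

/* AFTER: the error is checked and returned before par is touched. */
int map_console_checked(struct info_model *info, int simulate_failure)
{
    int err = acquire_newinfo_model(info, simulate_failure);
    return err ? err : use_par(info);
}

int main(void)
{
    struct info_model info;
    int err = map_console_checked(&info, 1);   /* failed open: error, no crash */
    printf("checked caller returned %d, par=%p\n", err, (void *)info.par);
    return err == -ENODEV ? 0 : 1;
}
```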

Affected Systems

The vulnerability affects all Linux kernel versions prior to the inclusion of the mentioned patch; no specific version range is provided in the data. System administrators should verify that their kernel does not contain the vulnerable fbcon code path.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in KEV, but a kernel panic is a severe outcome. The likely attack vector is local access that can trigger a console or framebuffer operation, such as a user opening a framebuffer device or the system initiating a console switch. A local attacker with sufficient privilege to reach the con2fb_acquire_newinfo() code path could exploit this flaw. While no CVSS score is provided, the impact of a kernel panic warrants high-priority handling.

Generated by OpenCVE AI on May 6, 2026 at 13:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the con2fb_acquire_newinfo() return-value check fix.
  • If updating is not immediately possible, restrict access to framebuffer consoles (/dev/fb*) so only privileged users can open them, reducing the opportunity to exercise the flaw.
  • Monitor system logs for fbcon‑related kernel panic entries and verify that the applied update prevents recurrence.

Advisories

No advisories yet.

History

Wed, 06 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fb_acquire_newinfo() If fbcon_open() fails when called from con2fb_acquire_newinfo() then info->fbcon_par pointer remains NULL which is later dereferenced. Add check for return value of the function con2fb_acquire_newinfo() to avoid it. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Title | | fbcon: check return value of con2fb_acquire_newinfo()
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:09.553Z

Reserved: 2026-05-01T14:12:55.987Z

Link: CVE-2026-43123

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:29.180

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43123

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T13:30:04Z
