{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23039", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.943Z", "datePublished": "2026-01-31T11:42:33.377Z", "dateUpdated": "2026-05-11T21:58:49.153Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:49.153Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gud: fix NULL fb and crtc dereferences on USB disconnect\n\nOn disconnect drm_atomic_helper_disable_all() is called which\nsets both the fb and crtc for a plane to NULL before invoking a commit.\n\nThis causes a kernel oops on every display disconnect.\n\nAdd guards for those dereferences."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/gud/gud_pipe.c"], "versions": [{"version": "73cfd166e045769a1b42d36897accaa6e06b8102", "lessThan": "a255ec07f91d4c73a361a28b7a3d82f5710245f1", "status": "affected", "versionType": "git"}, {"version": "73cfd166e045769a1b42d36897accaa6e06b8102", "lessThan": "dc2d5ddb193e363187bae2ad358245642d2721fb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/gud/gud_pipe.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5710245f1"}, {"url": "https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb"}], "title": "drm/gud: fix NULL fb and crtc dereferences on USB disconnect", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gud: fix NULL fb and crtc dereferences on USB disconnect\n\nOn disconnect drm_atomic_helper_disable_all() is called which\nsets both the fb and crtc for a plane to NULL before invoking a commit.\n\nThis causes a kernel oops on every display disconnect.\n\nAdd guards for those dereferences."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ndrm/gud: corrige desreferencias NULL de fb y crtc al desconectar el USB\n\nAl desconectar, se llama a drm_atomic_helper_disable_all() que establece tanto el fb como el crtc para un plano a NULL antes de invocar un commit.\n\nEsto causa un kernel oops en cada desconexi\u00f3n de pantalla.\n\nA\u00f1adir protecciones para esas desreferencias."}], "id": "CVE-2026-23039", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-31T12:16:07.213", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a255ec07f91d4c73a361a28b7a3d82f5710245f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dc2d5ddb193e363187bae2ad358245642d2721fb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: drm/gud: fix NULL fb and crtc dereferences on USB disconnect", "id": "2435658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435658"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23039", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23039\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23039\nhttps://lore.kernel.org/linux-cve-announce/2026013122-CVE-2026-23039-be18@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-18T00:51:47.125882+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a patched release that incorporates the GUD DRM NULL dereference fix.", "Reboot the system to ensure the new kernel is running.", "If an immediate kernel update is not possible, avoid disconnecting USB display devices or use a hardware solution to prevent unintended disconnects."], "summary": {"action": "Patch Kernel", "impact": "Kernel Crash (Denial of Service)"}, "threat_synthesis": {"affected_systems": "This issue affects any Linux kernel build that compiles the GUD DRM module before the fix was committed. The specific kernel versions affected are not listed in the advisory, so any kernel released before the patch must be considered vulnerable until it is updated to a version that includes the change.", "description_and_impact": "The Linux kernel contains a NULL dereference in the GUD DRM subsystem that is triggered when a display device is disconnected over USB. During the disconnect sequence, the kernel sets the frame buffer and CRTC pointers to NULL before a commit operation, and the subsequent dereference causes a kernel oops. An unstable kernel crashes, interrupting all processes and rendering the system inoperable until a reboot.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests the likelihood of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local: a user or process that causes a USB display device to disconnect can trigger the crash. An attacker with the ability to manipulate or force USB disconnect events could cause denial of service on the affected host."}}}}, "created": "2026-04-18T01:00:11.628401+00:00", "updated": "2026-04-18T01:00:11.628420+00:00", "vendors": [], "weaknesses": ["CWE-476"]}