{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23049", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.949Z", "datePublished": "2026-02-04T16:04:18.076Z", "dateUpdated": "2026-05-11T21:59:00.872Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:00.872Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel\n\nThe connector type for the DataImage SCF0700C48GGU18 panel is missing and\ndevm_drm_panel_bridge_add() requires connector type to be set. This leads\nto a warning and a backtrace in the kernel log and panel does not work:\n\"\nWARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8\n\"\nThe warning is triggered by a check for valid connector type in\ndevm_drm_panel_bridge_add(). If there is no valid connector type\nset for a panel, the warning is printed and panel is not added.\nFill in the missing connector type to fix the warning and make\nthe panel operational once again."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/panel/panel-simple.c"], "versions": [{"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "f4c330b4499e7334ec6fce535574e09d55843d71", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "bb309377eece5317207d71fd833f99cca4727fbd", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "83e0d8d22e7ee3151af1951595104887eebed6ab", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "bc0b17bdba3838e9e17e7e9adc968384ac99938b", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "04218cd68d1502000823c8288f37b4f171dcdcae", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "f7940d3ec1dc6bf719eddc69d4b8e52cc2201896", "status": "affected", "versionType": "git"}, {"version": "97ceb1fb08b6a2f78aa44a7c229ca280964860c0", "lessThan": "6ab3d4353bf75005eaa375677c9fed31148154d6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/panel/panel-simple.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f4c330b4499e7334ec6fce535574e09d55843d71"}, {"url": "https://git.kernel.org/stable/c/bb309377eece5317207d71fd833f99cca4727fbd"}, {"url": "https://git.kernel.org/stable/c/83e0d8d22e7ee3151af1951595104887eebed6ab"}, {"url": "https://git.kernel.org/stable/c/bc0b17bdba3838e9e17e7e9adc968384ac99938b"}, {"url": "https://git.kernel.org/stable/c/04218cd68d1502000823c8288f37b4f171dcdcae"}, {"url": "https://git.kernel.org/stable/c/f7940d3ec1dc6bf719eddc69d4b8e52cc2201896"}, {"url": "https://git.kernel.org/stable/c/6ab3d4353bf75005eaa375677c9fed31148154d6"}], "title": "drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel\n\nThe connector type for the DataImage SCF0700C48GGU18 panel is missing and\ndevm_drm_panel_bridge_add() requires connector type to be set. This leads\nto a warning and a backtrace in the kernel log and panel does not work:\n\"\nWARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8\n\"\nThe warning is triggered by a check for valid connector type in\ndevm_drm_panel_bridge_add(). If there is no valid connector type\nset for a panel, the warning is printed and panel is not added.\nFill in the missing connector type to fix the warning and make\nthe panel operational once again."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ndrm/panel-simple: corregir el tipo de conector para el panel DataImage SCF0700C48GGU18\n\nEl tipo de conector para el panel DataImage SCF0700C48GGU18 falta y devm_drm_panel_bridge_add() requiere que el tipo de conector est\u00e9 configurado. Esto lleva a una advertencia y un backtrace en el registro del kernel y el panel no funciona:\n'WARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8'\nLa advertencia es activada por una comprobaci\u00f3n de tipo de conector v\u00e1lido en devm_drm_panel_bridge_add(). Si no hay un tipo de conector v\u00e1lido configurado para un panel, la advertencia se imprime y el panel no se a\u00f1ade.\nRellenar el tipo de conector que falta para corregir la advertencia y hacer que el panel vuelva a estar operativo."}], "id": "CVE-2026-23049", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-02-04T17:16:15.557", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/04218cd68d1502000823c8288f37b4f171dcdcae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ab3d4353bf75005eaa375677c9fed31148154d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/83e0d8d22e7ee3151af1951595104887eebed6ab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb309377eece5317207d71fd833f99cca4727fbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bc0b17bdba3838e9e17e7e9adc968384ac99938b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4c330b4499e7334ec6fce535574e09d55843d71"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f7940d3ec1dc6bf719eddc69d4b8e52cc2201896"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel", "id": "2436824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436824"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23049", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23049\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23049\nhttps://lore.kernel.org/linux-cve-announce/2026020449-CVE-2026-23049-9298@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T13:58:40.201492+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the fix for the DataImage SCF0700C48GGU18 panel.", "If no updated kernel is available, add a device tree property that specifies the correct connector type for the panel to suppress the warning and enable the display.", "When neither updating nor overriding is possible, remove or comment out the panel device node so the system does not attempt to initialize the faulty panel."], "summary": {"action": "Patch", "impact": "Display Failure"}, "threat_synthesis": {"affected_systems": "The issue is confined to the drm/panel-simple driver in the Linux kernel. Any Linux distribution that ships a kernel version containing this driver, without the later patch, is affected when it uses the DataImage SCF0700C48GGU18 panel. No specific kernel version numbers are cited in the advisory, so all versions that include the unpatched driver are potentially vulnerable. Users who rely on that panel should verify whether their running kernel contains the recent commit adding the missing connector type.", "description_and_impact": "In the Linux kernel, the drm/panel-simple driver lacks a connector type for the DataImage SCF0700C48GGU18 panel. When the driver attempts to add the panel bridge, devm_drm_panel_bridge_add() checks for a valid connector type and, finding none, outputs a warning and backtrace. As a result, the panel is not added and the display fails to operate. This vulnerability does not provide code execution or privilege escalation; it merely prevents the panel from functioning and logs an error. The weakness is an instance of improper initialization, mapped to CWE\u2011665.", "risk_and_exploitability": "The EPSS score is below 1\u202f% and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of exploitation. Because the flaw only triggers a warning during driver initialization and requires the panel hardware to be present, it is unlikely to be exploitable for remote or malicious attacks. The absence of privilege escalation or data compromise further reduces the risk, resulting in a localized, low\u2011severity impact that mainly affects display availability."}}}}, "created": "2026-04-18T14:00:02.187989+00:00", "updated": "2026-04-18T14:00:02.188004+00:00", "vendors": [], "weaknesses": ["CWE-665"]}