Home

Description

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

PUBLISHED Reserved 2026-03-09 | Published 2026-05-01 | Updated 2026-05-01 | Assigner Linux

Product status

Default status
unaffected

66c93809487e62c4f59ef08625a3fbc0a7de6dd2 (git) before 625fdac41cfc4ca9e1774a0d31d7985aec2c1d66
affected

66c93809487e62c4f59ef08625a3fbc0a7de6dd2 (git) before 7f138de156b20d9f9da6f72f90b63c01941d97d3
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.19.12 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/625fdac41cfc4ca9e1774a0d31d7985aec2c1d66

git.kernel.org/...c/7f138de156b20d9f9da6f72f90b63c01941d97d3

cve.org (CVE-2026-31753)

nvd.nist.gov (CVE-2026-31753)

Download JSON