In the Linux kernel, the following vulnerability has been resolved:
auxdisplay: line-display: fix NULL dereference in linedisp_release
linedisprelease() currently retrieves the enclosing struct linedisp via tolinedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before putdevice() invokes the release callback. This can happen in linedispunregister(), and can also be reached from some linedisp_register() error paths.
In that case, tolinedisp() returns NULL and linedisprelease() dereferences it while freeing the display resources.
The struct device released here is the embedded linedisp->dev used by linedispregister(), so retrieve the enclosing object directly with containerof() instead.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31753.json",
"cna_assigner": "Linux"
}