CVE-2026-31753

Source
https://cve.org/CVERecord?id=CVE-2026-31753
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31753.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31753
Downstream
Published
2026-05-01T14:14:44.953Z
Modified
2026-07-08T08:06:21.991053442Z
Summary
auxdisplay: line-display: fix NULL dereference in linedisp_release
Details

In the Linux kernel, the following vulnerability has been resolved:

auxdisplay: line-display: fix NULL dereference in linedisp_release

linedisprelease() currently retrieves the enclosing struct linedisp via tolinedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before putdevice() invokes the release callback. This can happen in linedispunregister(), and can also be reached from some linedisp_register() error paths.

In that case, tolinedisp() returns NULL and linedisprelease() dereferences it while freeing the display resources.

The struct device released here is the embedded linedisp->dev used by linedispregister(), so retrieve the enclosing object directly with containerof() instead.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31753.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66c93809487e62c4f59ef08625a3fbc0a7de6dd2
Fixed
625fdac41cfc4ca9e1774a0d31d7985aec2c1d66
Fixed
7f138de156b20d9f9da6f72f90b63c01941d97d3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31753.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31753.json"