CVE-2026-23039
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/gud: fix NULL fb and crtc dereferences on USB disconnect
On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit.
This causes a kernel oops on every display disconnect.
Add guards for those dereferences.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in the Linux kernel's GUD DRM driver causes a kernel oops on USB disconnect when fb and crtc are set to NULL.
Vulnerability
CVE-2026-23039 is a NULL pointer dereference vulnerability in the Linux kernel's GUD (Generic USB Display) DRM driver. The root cause is that during a USB disconnect, drm_atomic_helper_disable_all() sets both the framebuffer (fb) and the CRTC for a plane to NULL before invoking a commit. The driver then dereferences these NULL pointers, leading to a kernel oops [1][2].
Exploitation
An attacker with physical access to the USB port can trigger this vulnerability by disconnecting a USB display device while the system is running. No authentication is required, as the attack vector is a physical USB disconnect. The vulnerability is triggered automatically during the disconnect handling path in the kernel [1][2].
Impact
Successful exploitation results in a kernel oops, causing a denial of service (DoS) condition. The system may crash or become unstable, requiring a reboot. There is no evidence of privilege escalation or data corruption from the available sources [1][2].
Mitigation
The fix adds guards for the NULL dereferences, preventing the oops. The patch has been applied to the Linux kernel stable tree [1][2]. Users should update to a kernel version containing the fix.
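The guard pattern described above, as an added user-space model; it is not the gud driver's code or the actual patch, and every struct and function name in it is hypothetical.

```c
/* Added illustration: user-space model of the disable-commit path.
 * Not kernel code; all names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct model_fb   { int width, height; };
struct model_crtc { int enabled; };
struct model_plane_state {
    struct model_fb   *fb;    /* NULL once the plane is disabled */
    struct model_crtc *crtc;  /* NULL once the plane is disabled */
};

/* Models what the description says happens before the disconnect commit. */
void model_disable_all(struct model_plane_state *st)
{
    st->fb = NULL;
    st->crtc = NULL;
}

/* "Before": assumes every commit carries both an fb and a crtc. */
int plane_update_unguarded(const struct model_plane_state *st)
{
    if (!st->crtc->enabled)                 /* NULL deref on a disable commit */
        return 0;
    return st->fb->width * st->fb->height;  /* same problem for fb */
}

/* "After": check both pointers; a disabled plane has nothing to flush. */
int plane_update_guarded(const struct model_plane_state *st)
{
    if (!st->crtc || !st->fb)
        return 0;
    if (!st->crtc->enabled)
        return 0;
    return st->fb->width * st->fb->height;
}

int main(void)
{
    struct model_fb fb = { 640, 480 };      /* constructed sample values */
    struct model_crtc crtc = { 1 };
    struct model_plane_state st = { &fb, &crtc };

    printf("active commit: %d pixels\n", plane_update_unguarded(&st));
    model_disable_all(&st);                 /* the disconnect case */
    printf("disable commit: %d pixels\n", plane_update_guarded(&st));
    return 0;
}
```

The unguarded function is only ever called on the active state here; calling it after model_disable_all() is the user-space analogue of the oops.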
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.