Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 12, 2026

CVE-2026-43123

Description

In the Linux kernel, the following vulnerability has been resolved:

fbcon: check return value of con2fb_acquire_newinfo()

If fbcon_open() fails when called from con2fb_acquire_newinfo() then info->fbcon_par pointer remains NULL which is later dereferenced.

Add check for return value of the function con2fb_acquire_newinfo() to avoid it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.

MediumCVSS v3.1

5.5/ 10

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Probability of exploitation in the next 30 days.

0.01%

Composite of severity, exploitation, and reach.

0.36medium

CVE-2026-43123