CVE-2026-23008 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference CWE-824 — Access of Uninitialized Pointer7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJan 25

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and crash the driver causing a black screen.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.16.0 — 6.18.7

▶NVDlinux/linux_kernel6.16.1 — 6.18.7+2

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linux965544150d1cadf0e8f5bb6c13c19697e46e1429 — a91bdd21d5efb3072beefbec13762b7722200c49+2

▶debiandebian/linux< linux 6.18.8-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

drm/vmwgfx: Fix KMS with 3D on HW version 10↗2026-01-25

▶

GHSA

GHSA-3hqq-c86m-p54c: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surf↗2026-01-25

▶

OSV

CVE-2026-23008: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfac↗2026-01-25

▶

📋Vendor Advisories

Red Hat

kernel: drm/vmwgfx: Fix KMS with 3D on HW version 10↗2026-01-25

▶

Debian

CVE-2026-23008: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23008 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶