CVE-2026-23101 — Use of Uninitialized Resource in Linux
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 95.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateApr 16
Description
In the Linux kernel, the following vulnerability has been resolved:
leds: led-class: Only Add LED to leds_list when it is fully ready
Before this change the LED was added to leds_list before led_init_core()
gets called adding it the list before led_classdev.set_brightness_work gets
initialized.
This leaves a window where led_trigger_register() of a LED's default
trigger will call led_trigger_set() which calls led_set_brightness()
which in turn will end up queueing the *uninitialized*
led_clas…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxd23a22a74fded23a12434c9463fe66cec2b0afcd — f7a6df659af777058833802c29b3b7974db5e78a+7
Patches
🔴Vulnerability Details
3OSV▶
CVE-2026-23101: In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this chan↗2026-02-04
GHSA▶
GHSA-5v65-j3j7-pw24: In the Linux kernel, the following vulnerability has been resolved:
leds: led-class: Only Add LED to leds_list when it is fully ready
Before this ch↗2026-02-04
📋Vendor Advisories
4Debian▶
CVE-2026-23101: linux - In the Linux kernel, the following vulnerability has been resolved: leds: led-c...↗2026