CVE-2026-23471Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference7 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug When trying to do a rather aggressive test of igt's "xe_module_load --r reload" with a full desktop environment and game running I noticed a few OOPSes when dereferencing freed pointers, related to framebuffers and property blobs after the compositor exit

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxbee330f3d67273a68dcb99f59480d59553c008b254df178324b268c62f847381e2813a1b0f971384+6
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-9h7x-8rrr-c9c7: In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_u2026-04-03
OSV
CVE-2026-23471: In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_un2026-04-03
CVEList
drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug2026-04-03
Debian
CVE-2026-23471: linux - In the Linux kernel, the following vulnerability has been resolved: drm: Fix us...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23471 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-23471 kernel: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug2026-04-03