CVE-2026-23237 [Medium] | Security Vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device using it. For example, cmpc_accel_sensitivity_store_v4() is the "show" method of cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(), before calling dev_set_drvdata() for inputdev->dev. If the sysfs attribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev) call in in cmpc_accel_sensitivity_store_v4() returns NULL which leads to a NULL pointer dereference going forward. Moreover, sysfs attributes using the input device are added before initializing that device by cmpc_add_acpi_notify_device() and if one of them is accessed before running that function, a NULL pointer dereference will occur. For example, cmpc_accel_sensitivity_attr_v4 is added before calling cmpc_add_acpi_notify_device() and if it is read prematurely, the dev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4() returns NULL which leads to a NULL pointer dereference going forward. Fix this by adding NULL pointer checks in all of the relevant places.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-05	—	0.03%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-03-05

—

0.03%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.8

3.6

[email protected]

OS Trackers for CVE-2026-23237

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-23237 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2026-23237
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2026-23237
`suse`	medium	CVE-2026-23237 severity moderate: SUSE including 18 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 52 product×package rows across 12 product lines (SUSE Linux Enterprise High Availability Extension 15 SP7, SUSE Linux Enterprise Live Patching 15 SP7, … (12 product lines)): Known Not Affected 52.	https://www.suse.com/security/cve/CVE-2026-23237/
`ubuntu`	medium	CVE-2026-23237 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1256 status rows across 8 suites (bionic, focal, jammy, noble, questing, trusty, upstream, xenial): DNE 871, ignored 173, needed 129, released 83.	https://ubuntu.com/security/CVE-2026-23237

Affected software / configurations for CVE-2026-23237

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 2.6.33.1, < 5.10.251	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.11, < 5.15.201	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.16, < 6.1.164	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.6.127	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.7, < 6.12.74	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.18.13	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:-::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc2::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc3::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc4::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc5::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc6::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc7::::::
linux	linux_kernel	2.6.33	cpe:2.3:o:linux:linux_kernel:2.6.33:rc8::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
linux	linux_kernel	6.19	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

References for CVE-2026-23237

URL	Tags
https://git.kernel.org/stable/c/97528b1622b8f129574d29a571c32a3c85eafa3c	Patch
https://git.kernel.org/stable/c/993708fc18d0d0919db438361b4e8c1f980a8d1b	Patch
https://git.kernel.org/stable/c/9cf4b9b8ad09d6e05307abc4e951cabdff4be652	Patch
https://git.kernel.org/stable/c/af673209d43b46257540997aba042b90ef3258c0	Patch
https://git.kernel.org/stable/c/da6e06a5fdbabea3870d18c227734b5dea5b3be6	Patch
https://git.kernel.org/stable/c/eb214804f03c829decf10998e9b7dd26f4c8ab9e	Patch
https://git.kernel.org/stable/c/fe747d7112283f47169e9c16e751179a9b38611e	Patch

URL

CVE-2026-23237 | platform/x86: classmate-laptop: Add missing NULL pointer checks

Exploit prediction scoring system (EPSS) score for CVE-2026-23237

Common vulnerability scoring system (CVSS) metrics for CVE-2026-23237

Weakness enumeration for CVE-2026-23237

OS Trackers for CVE-2026-23237

Affected software / configurations for CVE-2026-23237

References for CVE-2026-23237