CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> platform/x86: classmate-laptop: Add missing NULL pointer checks<br /> <br /> In a few places in the Classmate laptop driver, code using the accel<br /> object may run before that object&amp;#39;s address is stored in the driver<br /> data of the input device using it.<br /> <br /> For example, cmpc_accel_sensitivity_store_v4() is the "show" method<br /> of cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),<br /> before calling dev_set_drvdata() for inputdev-&gt;dev. If the sysfs<br /> attribute is accessed prematurely, the dev_get_drvdata(&amp;inputdev-&gt;dev)<br /> call in in cmpc_accel_sensitivity_store_v4() returns NULL which<br /> leads to a NULL pointer dereference going forward.<br /> <br /> Moreover, sysfs attributes using the input device are added before<br /> initializing that device by cmpc_add_acpi_notify_device() and if one<br /> of them is accessed before running that function, a NULL pointer<br /> dereference will occur.<br /> <br /> For example, cmpc_accel_sensitivity_attr_v4 is added before calling<br /> cmpc_add_acpi_notify_device() and if it is read prematurely, the<br /> dev_get_drvdata(&amp;acpi-&gt;dev) call in cmpc_accel_sensitivity_show_v4()<br /> returns NULL which leads to a NULL pointer dereference going forward.<br /> <br /> Fix this by adding NULL pointer checks in all of the relevant places.