CVE-2026-31753

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> auxdisplay: line-display: fix NULL dereference in linedisp_release<br /> <br /> linedisp_release() currently retrieves the enclosing struct linedisp via<br /> to_linedisp(). That lookup depends on the attachment list, but the<br /> attachment may already have been removed before put_device() invokes the<br /> release callback. This can happen in linedisp_unregister(), and can also<br /> be reached from some linedisp_register() error paths.<br /> <br /> In that case, to_linedisp() returns NULL and linedisp_release()<br /> dereferences it while freeing the display resources.<br /> <br /> The struct device released here is the embedded linedisp-&gt;dev used by<br /> linedisp_register(), so retrieve the enclosing object directly with<br /> container_of() instead.