{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23237", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.988Z", "datePublished": "2026-03-04T14:38:41.815Z", "dateUpdated": "2026-03-04T14:38:41.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-04T14:38:41.815Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: classmate-laptop: Add missing NULL pointer checks\n\nIn a few places in the Classmate laptop driver, code using the accel\nobject may run before that object's address is stored in the driver\ndata of the input device using it.\n\nFor example, cmpc_accel_sensitivity_store_v4() is the \"show\" method\nof cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),\nbefore calling dev_set_drvdata() for inputdev->dev. If the sysfs\nattribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev)\ncall in in cmpc_accel_sensitivity_store_v4() returns NULL which\nleads to a NULL pointer dereference going forward.\n\nMoreover, sysfs attributes using the input device are added before\ninitializing that device by cmpc_add_acpi_notify_device() and if one\nof them is accessed before running that function, a NULL pointer\ndereference will occur.\n\nFor example, cmpc_accel_sensitivity_attr_v4 is added before calling\ncmpc_add_acpi_notify_device() and if it is read prematurely, the\ndev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4()\nreturns NULL which leads to a NULL pointer dereference going forward.\n\nFix this by adding NULL pointer checks in all of the relevant places."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/classmate-laptop.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "993708fc18d0d0919db438361b4e8c1f980a8d1b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "af673209d43b46257540997aba042b90ef3258c0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "eb214804f03c829decf10998e9b7dd26f4c8ab9e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9cf4b9b8ad09d6e05307abc4e951cabdff4be652", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "da6e06a5fdbabea3870d18c227734b5dea5b3be6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "97528b1622b8f129574d29a571c32a3c85eafa3c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fe747d7112283f47169e9c16e751179a9b38611e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/classmate-laptop.c"], "versions": [{"version": "5.10.251", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.201", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.164", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.127", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.74", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.13", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.251"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.201"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.164"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.127"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.74"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/993708fc18d0d0919db438361b4e8c1f980a8d1b"}, {"url": "https://git.kernel.org/stable/c/af673209d43b46257540997aba042b90ef3258c0"}, {"url": "https://git.kernel.org/stable/c/eb214804f03c829decf10998e9b7dd26f4c8ab9e"}, {"url": "https://git.kernel.org/stable/c/9cf4b9b8ad09d6e05307abc4e951cabdff4be652"}, {"url": "https://git.kernel.org/stable/c/da6e06a5fdbabea3870d18c227734b5dea5b3be6"}, {"url": "https://git.kernel.org/stable/c/97528b1622b8f129574d29a571c32a3c85eafa3c"}, {"url": "https://git.kernel.org/stable/c/fe747d7112283f47169e9c16e751179a9b38611e"}], "title": "platform/x86: classmate-laptop: Add missing NULL pointer checks", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: classmate-laptop: Add missing NULL pointer checks\n\nIn a few places in the Classmate laptop driver, code using the accel\nobject may run before that object's address is stored in the driver\ndata of the input device using it.\n\nFor example, cmpc_accel_sensitivity_store_v4() is the \"show\" method\nof cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),\nbefore calling dev_set_drvdata() for inputdev->dev. If the sysfs\nattribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev)\ncall in in cmpc_accel_sensitivity_store_v4() returns NULL which\nleads to a NULL pointer dereference going forward.\n\nMoreover, sysfs attributes using the input device are added before\ninitializing that device by cmpc_add_acpi_notify_device() and if one\nof them is accessed before running that function, a NULL pointer\ndereference will occur.\n\nFor example, cmpc_accel_sensitivity_attr_v4 is added before calling\ncmpc_add_acpi_notify_device() and if it is read prematurely, the\ndev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4()\nreturns NULL which leads to a NULL pointer dereference going forward.\n\nFix this by adding NULL pointer checks in all of the relevant places."}], "id": "CVE-2026-23237", "lastModified": "2026-03-04T15:16:14.350", "metrics": {}, "published": "2026-03-04T15:16:14.350", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/97528b1622b8f129574d29a571c32a3c85eafa3c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/993708fc18d0d0919db438361b4e8c1f980a8d1b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9cf4b9b8ad09d6e05307abc4e951cabdff4be652"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/af673209d43b46257540997aba042b90ef3258c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da6e06a5fdbabea3870d18c227734b5dea5b3be6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eb214804f03c829decf10998e9b7dd26f4c8ab9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe747d7112283f47169e9c16e751179a9b38611e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}