CVE-2026-23237

Description

In the Linux kernel, the following vulnerability has been resolved:platform/x86: classmate-laptop: Add missing null pointer checksIn a few places in the Classmate laptop driver, code using the accelobject may run before that objects address is stored in the driverdata of the input device using it.For example, cmpc_accel_sensitivity_store_v4() is the show methodof cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),before calling dev_set_drvdata() for inputdev->dev. If the sysfsattribute is accessed prematurely, the dev_get_drvdata(&inputdev->dev)call in in cmpc_accel_sensitivity_store_v4() returns null whichleads to a null pointer dereference going forward.Moreover, sysfs attributes using the input device are added beforeinitializing that device by cmpc_add_acpi_notify_device() and if oneof them is accessed before running that function, a null pointerdereference will occur.For example, cmpc_accel_sensitivity_attr_v4 is added before callingcmpc_add_acpi_notify_device() and if it is read prematurely, thedev_get_drvdata(&acpi->dev) call in cmpc_accel_sensitivity_show_v4()returns null which leads to a null pointer dereference going forward.Fix this by adding null pointer checks in all of the relevant places.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.013

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234