CVE-2026-23237

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to missing NULL pointer checks within the Classmate laptop driver. Specifically, code utilizing the accel object may execute before the object's address is properly stored in the driver data of the input device. This can lead to a NULL pointer dereference when accessing sysfs attributes prematurely, such as in the cmpc accel sensitivity store v4() and cmpc accel sensitivity show v4() functions. The issue arises because sysfs attributes are added before the input device is fully initialized by cmpc add acpi notify device(), potentially causing a NULL pointer dereference if accessed before initialization. The dev get drvdata() function is involved in these scenarios.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.