Fluid Attacks Database

Description

A NULL pointer dereference vulnerability was found in the Linux kernel's VMware graphics (vmwgfx) driver. On VMware hardware version 10, which lacks GB Surfaces support, attempting to use 3D acceleration with KMS (Kernel Mode Setting) causes the driver to dereference a NULL backing buffer pointer for surface-backed framebuffers. This results in a kernel crash and black screen.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.13.10-1~exp1 \|\| =6.13.11-1~exp1 \|\| =6.13.2-1~exp1 \|\| =6.13.3-1~exp1 \|\| =6.13.4-1~exp1 \|\| =6.13.5-1~exp1 \|\| =6.13.6-1~exp1 \|\| =6.13.7-1~exp1 \|\| =6.13.8-1~exp1 \|\| =6.13.9-1~exp1 \|\| =6.13~rc6-1~exp1 \|\| =6.13~rc7-1~exp1 \|\| =6.14.3-1~exp1 \|\| =6.14.5-1~exp1 \|\| =6.14.6-1~exp1 \|\| =6.15-1~exp1 \|\| =6.15.1-1~exp1 \|\| =6.15.2-1~exp1 \|\| =6.15.3-1~exp1 \|\| =6.15.4-1~exp1 \|\| =6.15.5-1~exp1 \|\| =6.15.6-1~exp1 \|\| =6.15~rc7-1~exp1 \|\| =6.16-1~exp1 \|\| =6.16.1-1~exp1 \|\| =6.16.10-1 \|\| =6.16.11-1 \|\| =6.16.12-1 \|\| =6.16.12-1~bpo13+1 \|\| =6.16.12-2 \|\| =6.16.3-1 \|\| =6.16.3-1~bpo13+1 \|\| =6.16.5-1 \|\| =6.16.6-1 \|\| =6.16.7-1 \|\| =6.16.8-1 \|\| =6.16.9-1 \|\| =6.16~rc7-1~exp1 \|\| =6.17.10-1 \|\| =6.17.11-1 \|\| =6.17.12-1 \|\| =6.17.13-1 \|\| =6.17.13-1~bpo13+1 \|\| =6.17.2-1~exp1 \|\| =6.17.5-1~exp1 \|\| =6.17.6-1 \|\| =6.17.7-1 \|\| =6.17.7-2 \|\| =6.17.8-1 \|\| =6.17.8-1~bpo13+1 \|\| =6.17.9-1 \|\| =6.18.1-1~exp1 \|\| =6.18.2-1~exp1 \|\| =6.18.3-1 \|\| =6.18.5-1 \|\| =6.18.5-1~bpo13+1 \|\| =6.18~rc4-1~exp1 \|\| =6.18~rc4-1~exp2 \|\| =6.18~rc5-1~exp1 \|\| =6.18~rc6-1~exp1 \|\| =6.18~rc7-1~exp1 \|\| >=0 <6.18.8-1	6.18.8-1
rpm rhel10	kernel	-	-
rpm rhel9	kernel-rt	-	-
rpm rhel6	kernel	-	-
rpm rhel9	kernel	-	-

Aliases

1. CVE-2026-230082. NVD-2026-230083. OSV-DEBIAN-2026-230084. OSV-2026-230085. SECURITY-TRACKER-CVE-2026-23008

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.