CVE-2025-68326
Null Pointer Dereference in Linux drm/xe GUC Stack_Depot Usage
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a bug in the Linux kernel's drm/xe/guc component related to the stack_depot usage. Specifically, when the CONFIG_DRM_XE_DEBUG_GUC option is enabled, a missing initialization call to stack_depot_init() causes a NULL pointer dereference in the kernel, leading to a crash (BUG). This occurs during GPU scheduling workqueue operations, resulting in a kernel panic or instability.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when certain GPU debug features are enabled. This can lead to system instability, unexpected reboots, or denial of service conditions on affected systems running the vulnerable kernel with the specific debug configuration enabled.