CVE-2026-43369
NULL pointer dereference in AMD GPU driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | linux_kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's AMD GPU driver during device cleanup after a failed GPU initialization.
When GPU initialization fails because of an unsupported hardware block, some IP blocks may have a NULL version pointer.
During cleanup, the code calls functions that iterate over all IP blocks and access their version pointers without checking if they are NULL.
This leads to a NULL pointer dereference in the kernel, which can cause a crash or instability.
The fix involves adding NULL checks before accessing these version pointers to prevent dereferencing NULL pointers during GPU teardown.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to dereference a NULL pointer during GPU device cleanup, potentially leading to a kernel crash or system instability.
Such crashes can result in denial of service, requiring a system reboot and possibly causing data loss or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in the drm/amd driver.
The fix adds NULL checks for the version pointer in amdgpu_device_set_cg_state and amdgpu_device_set_pg_state functions to prevent kernel crashes during GPU teardown when initialization fails.
Applying the patch or upgrading to a kernel version containing the commit b7ac77468cda92eecae560b05f62f997a12fe2f2 will address this issue.