CVE-2026-43369
Received Received - Intake
NULL pointer dereference in AMD GPU driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and amdgpu_device_set_cg_state which iterate over all IP blocks and access adev->ip_blocks[i].version without NULL checks, leading to a kernel NULL pointer dereference. Add NULL checks for adev->ip_blocks[i].version in both amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed. (cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-09
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43369
EUVD
EUVD-2026-28675
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
amd linux_kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability occurs in the Linux kernel's AMD GPU driver during device cleanup after a failed GPU initialization.

When GPU initialization fails because of an unsupported hardware block, some IP blocks may have a NULL version pointer.

During cleanup, the code calls functions that iterate over all IP blocks and access their version pointers without checking if they are NULL.

This leads to a NULL pointer dereference in the kernel, which can cause a crash or instability.

The fix involves adding NULL checks before accessing these version pointers to prevent dereferencing NULL pointers during GPU teardown.

Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer during GPU device cleanup, potentially leading to a kernel crash or system instability.

Such crashes can result in denial of service, requiring a system reboot and possibly causing data loss or disruption of services.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in the drm/amd driver.

The fix adds NULL checks for the version pointer in amdgpu_device_set_cg_state and amdgpu_device_set_pg_state functions to prevent kernel crashes during GPU teardown when initialization fails.

Applying the patch or upgrading to a kernel version containing the commit b7ac77468cda92eecae560b05f62f997a12fe2f2 will address this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart