CVE-2026-53058
Awaiting Analysis Awaiting Analysis - Queue

NULL Pointer Dereference in Linux Kernel DRM Bridge

Vulnerability report for CVE-2026-53058, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() In case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read() in atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit NULL pointer while trying to access the mutex. We need the connector to be set before that. Unlike in legacy cases with flag !DRM_BRIDGE_ATTACH_NO_CONNECTOR, we do not have connector initialised in bridge_attach(), so add the mhdp->connector_ptr in device structure to handle both cases with DRM_BRIDGE_ATTACH_NO_CONNECTOR and !DRM_BRIDGE_ATTACH_NO_CONNECTOR, set it in atomic_enable() earlier to avoid possible NULL pointer dereference in recovery paths like modeset_retry_fn() with the DRM_BRIDGE_ATTACH_NO_CONNECTOR flag set.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
cadence cdns_mhdp8546_core *
cadence cdns-mhdp8546-core *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer during certain error recovery paths in the cadence cdns-mhdp8546-core driver. This can lead to kernel crashes or system instability, potentially causing denial of service or unexpected behavior in systems using this driver.

Executive Summary

This vulnerability exists in the Linux kernel's drm/bridge component, specifically in the cadence cdns-mhdp8546-core driver. The issue arises because the mhdp connector is not set early enough in the atomic_enable() function. If errors occur in the functions cdns_mhdp_link_up() or cdns_mhdp_reg_read() during atomic_enable, the code attempts to recover by calling cdns_mhdp_modeset_retry_fn(). However, at this point, it tries to access a mutex through a NULL pointer because the connector was not initialized beforehand. This leads to a NULL pointer dereference.

The fix involves setting the mhdp connector earlier in atomic_enable() to ensure it is initialized before any recovery paths that might access it, preventing the NULL pointer dereference.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart