CVE-2026-53325
Analyzed Analyzed - Analysis Complete

NULL Pointer Dereference in Linux Kernel AMD64 AGP Driver

Vulnerability report for CVE-2026-53325, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-07-06

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64_fetch_size() when attempting to dereference the pointer returned by node_to_amd_nb(0). The root cause of this crash is broken error propagation in agp_amd64_probe(): When no AMD northbridges are found, cache_nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0. As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware does not exist, node_to_amd_nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member. Fix the issue by correcting the error check in agp_amd64_probe() to abort properly when cache_nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-07-06
Generated
2026-07-19
AI Q&A
2026-06-29
EPSS Evaluated
2026-07-18
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.16 (inc) to 6.1.177 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.144 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.95 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.211 (exc)
linux linux_kernel From 2.6.18 (inc) to 5.10.260 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.37 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.14 (exc)
linux linux_kernel From 7.1 (inc) to 7.1.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AMD64 AGP driver, specifically in the agp_amd64_probe() function. When running in a virtualized environment without a physical AMD northbridge, a NULL pointer dereference can occur. The root cause is that the driver incorrectly checks for hardware absence errors by comparing the return value of cache_nbs() to exactly -1 instead of any negative value. This mistake allows the driver to continue initialization even when no AMD northbridge hardware is present, leading to a crash (General Protection Fault) when the driver tries to access a NULL pointer.

The issue is fixed by correcting the error check to properly abort initialization when any negative error code is returned, preventing the NULL pointer dereference.

Detection Guidance

This vulnerability involves a NULL pointer dereference in the AMD64 AGP driver in the Linux kernel when running in a virtualized environment without a physical AMD northbridge.

Detection would involve checking if the system is running a vulnerable version of the Linux kernel with the affected agp/amd64 driver and if it is operating in a virtualized environment such as qemu/kvm without a physical AMD northbridge.

Since no specific detection commands or tools are provided in the available information, general approaches include:

  • Check the kernel version and verify if it includes the fix for the agp_amd64_probe() error propagation.
  • Look for kernel crash logs or oops messages related to General Protection Faults (GPF) in the AMD64 AGP driver.
  • Use dmesg or journalctl commands to review kernel messages for errors related to agp_amd64_probe or amd64_fetch_size.
  • Verify if the system is running in a virtualized environment without a physical AMD northbridge by checking hardware details (e.g., lspci) and virtualization status.
Impact Analysis

This vulnerability can cause the Linux kernel to crash with a General Protection Fault when running in virtualized environments without a physical AMD northbridge. This crash can lead to system instability or denial of service, as the kernel's AMD64 AGP driver improperly proceeds with initialization despite missing hardware, ultimately dereferencing a NULL pointer.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability is caused by broken error propagation in the AMD64 AGP driver when no AMD northbridge hardware is present, leading to a NULL pointer dereference and system crash.

To mitigate this vulnerability, update the Linux kernel to a version where the agp_amd64_probe() function has been fixed to properly check for any negative error code from cache_nbs() and abort initialization if no AMD northbridge is found.

This fix prevents the driver from proceeding without the required hardware and avoids the NULL pointer dereference that causes the crash.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53325. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart