CVE-2026-53325
Received - Intake

NULL Pointer Dereference in Linux Kernel AMD64 AGP Driver

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agp_amd64_probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64_fetch_size() when attempting to dereference the pointer returned by node_to_amd_nb(0).

The root cause of this crash is broken error propagation in agp_amd64_probe(): When no AMD northbridges are found, cache_nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0. As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware does not exist, node_to_amd_nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agp_amd64_probe() to abort properly when cache_nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.
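
The error-propagation flaw described above, as a user-space C model added here for illustration; it is not the kernel source or the upstream patch. All `model_*` names are hypothetical stand-ins, and the fixed variant returning the original error code is an assumption.

```c
/* User-space model of the probe path; model_* names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct model_nb { int misc; };             /* stand-in northbridge descriptor */
static struct model_nb *model_nbs = NULL;  /* constructed state: no northbridge (VM) */
static int model_nb_count = 0;

/* Models cache_nbs(): negative errno when no northbridge is found. */
static int model_cache_nbs(void)
{
    return model_nb_count > 0 ? model_nb_count : -ENODEV;
}

/* Models node_to_amd_nb(): NULL when the node has no northbridge. */
static struct model_nb *model_node_to_nb(int node)
{
    return node < model_nb_count ? &model_nbs[node] : NULL;
}

/* Models amd64_fetch_size(); returns -EFAULT where the kernel would fault. */
static int model_fetch_size(void)
{
    struct model_nb *nb = model_node_to_nb(0);
    return nb ? nb->misc : -EFAULT;
}

/* Before the fix: only -1 aborts, so -ENODEV slips through the check. */
int model_probe_buggy(void)
{
    if (model_cache_nbs() == -1)
        return -ENODEV;
    return model_fetch_size();             /* reached without hardware */
}

/* After the fix: any negative code aborts before the dereference. */
int model_probe_fixed(void)
{
    int ret = model_cache_nbs();
    if (ret < 0)
        return ret;                        /* assumption: propagate as-is */
    return model_fetch_size();
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", model_probe_buggy(), model_probe_fixed());
    return 0;
}
```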

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-29
AI Q&A: 2026-06-29
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs
Vendor         Product         Version / Range
linux_kernel   linux_kernel    *
linux          linux_kernel    *

CWE

CWE ID: CWE-UNKNOWN

Mitigation Strategies

The vulnerability is caused by broken error propagation in the AMD64 AGP driver when no AMD northbridge hardware is present, leading to a NULL pointer dereference and system crash.

To mitigate this vulnerability, update the Linux kernel to a version where the agp_amd64_probe() function has been fixed to properly check for any negative error code from cache_nbs() and abort initialization if no AMD northbridge is found.

This fix prevents the driver from proceeding without the required hardware and avoids the NULL pointer dereference that causes the crash.

Executive Summary

This vulnerability exists in the Linux kernel's AMD64 AGP driver, specifically in the agp_amd64_probe() function. When running in a virtualized environment without a physical AMD northbridge, a NULL pointer dereference can occur. The root cause is that the driver incorrectly checks for hardware absence errors by comparing the return value of cache_nbs() to exactly -1 instead of any negative value. This mistake allows the driver to continue initialization even when no AMD northbridge hardware is present, leading to a crash (General Protection Fault) when the driver tries to access a NULL pointer.

The issue is fixed by correcting the error check to properly abort initialization when any negative error code is returned, preventing the NULL pointer dereference.

Impact Analysis

This vulnerability can cause the Linux kernel to crash with a General Protection Fault when running in virtualized environments without a physical AMD northbridge. This crash can lead to system instability or denial of service, as the kernel's AMD64 AGP driver improperly proceeds with initialization despite missing hardware, ultimately dereferencing a NULL pointer.
