Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix drm panic null pointer when driver not support atomic

When driver not support atomic, fb using plane->fb rather than
plane->state->fb.

(cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef)
Published: 2026-02-04
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (kernel crash)
Action: Apply Patch
AI Analysis

Impact

A null pointer dereference occurs when the AMD GPU driver operates without atomic support, causing the kernel to panic. The defect can be triggered by sending a crafted DRM request that forces the driver to use the wrong framebuffer pointer, leading to a system‑wide denial of service. The most likely attack vector is local or privileged access to the DRM subsystem, which would allow an attacker to trigger the crash by interacting with the faulty driver. Based on the description, it is inferred that such a crafted request and local/privileged access are required for exploitation.

Affected Systems

The vulnerability resides in the Linux kernel’s DRM subsystem for AMD GPUs. All kernel releases that contain the buggy code before the patch commit 2f2a72de673513247cd6fae14e53f6c40c5841ef are affected, including current mainline versions and downstream distributions that have not applied the fix. Once the kernel includes the commit, the flaw is mitigated.

Risk and Exploitability

The EPSS score is less than 1 % and the issue is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation. Because an attacker would need to interact with the DRM subsystem—usually requiring local or privileged access—the overall risk to typical deployments is low, though environments with elevated privilege concerns should address the problem promptly. Based on the description, it is inferred that such access is necessary for exploitation.

Generated by OpenCVE AI on April 18, 2026 at 13:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to the latest stable release that incorporates commit 2f2a72de673513247cd6fae14e53f6c40c5841ef, or apply the patch manually to an existing kernel.
  • Reboot the system after the upgrade to load the corrected kernel and terminate any processes that may have loaded the faulty DRM driver before the reboot.
  • Test normal graphics operations and monitor kernel logs for disappearance of the null‑pointer panic messages, confirming that the kernel no longer crashes under unsupported atomic operations.

Generated by OpenCVE AI on April 18, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather than plane->state->fb. (cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef)
Title drm/amdgpu: fix drm panic null pointer when driver not support atomic
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:48.534Z

Reserved: 2026-01-13T15:37:45.950Z

Link: CVE-2026-23051

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-02-04T17:16:15.763

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23051

cve-icon Redhat

Severity :

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23051 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:00:02Z

Weaknesses