Description
In the Linux kernel, the following vulnerability has been resolved:

interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()

The change to dynamic IDs for SM8450 platform interconnects left two links
unconverted, fix it to avoid the NULL pointer dereference in runtime,
when a pointer to a destination interconnect is not valid:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
<...>
Call trace:
icc_link_nodes+0x3c/0x100 (P)
qcom_icc_rpmh_probe+0x1b4/0x528
platform_probe+0x64/0xc0
really_probe+0xc4/0x2a8
__driver_probe_device+0x80/0x140
driver_probe_device+0x48/0x170
__device_attach_driver+0xc0/0x148
bus_for_each_drv+0x88/0xf0
__device_attach+0xb0/0x1c0
device_initial_probe+0x58/0x68
bus_probe_device+0x40/0xb8
deferred_probe_work_func+0x90/0xd0
process_one_work+0x15c/0x3c0
worker_thread+0x2e8/0x400
kthread+0x150/0x208
ret_from_fork+0x10/0x20
Code: 900310f4 911d6294 91008280 94176078 (f94002a0)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference occurs in the function icc_link_nodes within the Qualcomm SM8450 interconnect driver of the Linux kernel. When a destination interconnect pointer is missing during runtime, the driver attempts to read from a zero address, causing an Oops that causes the system to panic. The crash halts all services and requires a reboot, thereby disrupting continuity without disclosing or corrupting data.

Affected Systems

All Linux kernel builds that include the SM8450 interconnect driver prior to the commit that introduces the fix are affected. The CPE entries list generic Linux kernels, including kernel 7.0 releases 1 through 6. Devices that rely on the SM8450 platform and its interconnect configuration are at risk until the patch is applied.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score is less than 1%, showing a very low probability of widespread exploitation. The flaw is not listed in CISA KEV. Triggering the vulnerability requires that the driver be probed with an uninitialized link, which can be achieved by supplying a malformed interconnect configuration or by manipulating driver loading. The likely attack vector is local; an attacker with permissions to influence kernel modules or driver initialization can cause the kernel panic. While no public exploit exists, the impact of an unexpected crash is significant for systems requiring high availability.

Generated by OpenCVE AI on May 15, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream Linux kernel patch that resolves the NULL pointer dereference; the relevant commit IDs are 77d22bf3 and dbbd550d7c.
  • Update to a kernel release that incorporates the fix or rebuild your kernel with the corrected source code.
  • If immediate patch deployment is unavailable, disable or limit loading of the SM8450 interconnect driver to prevent the problematic links from being probed, thereby reducing the likelihood of a crash.
  • Ensure that any interconnect configuration data is validated before being passed to the driver, following best practices for input validation to mitigate pointer dereference weaknesses (CWE-476).

Generated by OpenCVE AI on May 15, 2026 at 23:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
References

Fri, 08 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a pointer to a destination interconnect is not valid: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 <...> Call trace: icc_link_nodes+0x3c/0x100 (P) qcom_icc_rpmh_probe+0x1b4/0x528 platform_probe+0x64/0xc0 really_probe+0xc4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __device_attach_driver+0xc0/0x148 bus_for_each_drv+0x88/0xf0 __device_attach+0xb0/0x1c0 device_initial_probe+0x58/0x68 bus_probe_device+0x40/0xb8 deferred_probe_work_func+0x90/0xd0 process_one_work+0x15c/0x3c0 worker_thread+0x2e8/0x400 kthread+0x150/0x208 ret_from_fork+0x10/0x20 Code: 900310f4 911d6294 91008280 94176078 (f94002a0) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception
Title interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:34.774Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43335

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:43.263

Modified: 2026-05-15T19:59:28.347

Link: CVE-2026-43335

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43335 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T23:15:08Z

Weaknesses