Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd: Fix a few more NULL pointer dereference in device cleanup

I found a few more paths that cleanup fails due to a NULL version pointer
on unsupported hardware.

Add NULL checks as applicable.

(cherry picked from commit f5a05f8414fc10f307eb965f303580c7778f8dd2)
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, a NULL pointer dereference can occur during the cleanup of AMD DRM devices when unsupported hardware is detected. The vulnerability is triggered by the absence of null checks on the device's version pointer, causing a null dereference during device cleanup. This defect illustrates classic null pointer dereference (CWE-476) and could lead to a kernel panic, interrupting system availability.

Affected Systems

Affected systems include Linux kernel users running the AMD DRM driver before the patch introduced in commit f5a05f... This encompasses all kernel releases that have not yet incorporated the null pointer checks in the device cleanup path. The issue is driven by unsupported AMD hardware where the driver fails to validate the version pointer.

Risk and Exploitability

The CVSS score is not published, and EPSS data is unavailable, suggesting limited public exploitation data. The vulnerability is not listed in CISA's KEV catalog. Because the defect occurs in privileged kernel code, the likely attack vector is local or requires elevated permissions, making remote exploitation less probable without a remote code execution vector. Nonetheless, the potential impact is a kernel crash, which could be leveraged for denial of service. Until a patch is applied, the risk remains moderate, but high in environments where unsupported AMD hardware is present and the kernel is exposed to untrusted inputs.

Generated by OpenCVE AI on May 8, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the AMD DRM null pointer dereference fix.
  • If an update cannot be applied immediately, temporarily disable or blacklist the AMD DRM module to avoid triggering cleanup on unsupported hardware.
  • If the vendor’s distribution has not yet released the patch, manually backport the kernel commit that adds null checks (commit f5a05f84) to your local kernel source, rebuild, and reboot.

Generated by OpenCVE AI on May 8, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
References

Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. (cherry picked from commit f5a05f8414fc10f307eb965f303580c7778f8dd2)
Title drm/amd: Fix a few more NULL pointer dereference in device cleanup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:21:19.851Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43367

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:47.737

Modified: 2026-05-08T15:16:47.737

Link: CVE-2026-43367

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43367 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T20:30:15Z

Weaknesses