CVE-2026-43369 - Vulnerability Details

- drm/amd: Fix NULL pointer dereference in device cleanup

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd: Fix NULL pointer dereference in device cleanup

When GPU initialization fails due to an unsupported HW block
IP blocks may have a NULL version pointer. During cleanup in
amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and
amdgpu_device_set_cg_state which iterate over all IP blocks and access
adev->ip_blocks[i].version without NULL checks, leading to a kernel
NULL pointer dereference.

Add NULL checks for adev->ip_blocks[i].version in both
amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent
dereferencing NULL pointers during GPU teardown when initialization has
failed.

(cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A NULL pointer dereference occurs in the Linux kernel’s amdgpu driver during device cleanup when GPU initialization fails and certain hardware blocks lack a valid version pointer. The driver accesses adev->ip_blocks[i].version without checking for NULL, causing a fault that can crash the system. The impact is a local denial of service, as an attacker can provoke the crash by forcing the driver to clean up a failed GPU initialization. No additional privilege escalation is documented in the advisory.

Affected Systems

The flaw affects the amdgpu driver within the Linux kernel on all machines using AMD GPUs that run kernel versions prior to the patch commits referenced in the advisory. The specific commit identifiers that introduced the fix are available in the provided references, indicating that any kernel lacking those commits is potentially vulnerable.

Risk and Exploitability

No CVSS or EPSS score is published, and the vulnerability is not listed in CISA KEV, suggesting limited or no public exploitation. The likely attack vector is local or privileged users who can influence GPU initialization, leading to a system crash. Exploitation requires the ability to trigger a GPU teardown; the crash is the primary impact and carries high operational risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fc58ef30e0a1524ce72a8e873d773ba3b0830c7d`	affected	< 43025c941aced9a9009f9ff20eea4eb78c61deb8
`6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c`	affected	< 767cd24d3c4ae847688877def4891943f6611ecd
`39fc2bc4da0082c226cbee331f0a5d44db3997da`	affected	< 062ea905fff7756b2e87143ffccaece5cdb44267

Linux

unaffected

Version	Status	Constraints
`6.18.16`	affected	< 6.18.19
`6.19.6`	affected	< 6.19.9

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[fc58ef30e0a1524ce72a8e873d773ba3b0830c7d,43025c941aced9a9009f9ff20eea4eb78c61deb8)`	affected	code_commit	—
`[6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c,767cd24d3c4ae847688877def4891943f6611ecd)`	affected	code_commit	—
`[39fc2bc4da0082c226cbee331f0a5d44db3997da,062ea905fff7756b2e87143ffccaece5cdb44267)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.18.16,6.18.19)`	affected	semver	—
`[6.19.6,6.19.9)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the amdgpu null-check patch commits
If an upgrade is not immediately possible, disable the amdgpu kernel module to prevent crashes during old driver cleanup
Reboot the system after upgrading or disabling the module and verify that GPU operation is stable

Generated by OpenCVE AI on May 9, 2026 at 01:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267
https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8
https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd
https://lore.kernel.org/linux-cve-announce/2026050829-CVE-2026-43369-60b9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43369
https://www.cve.org/CVERecord?id=CVE-2026-43369

History

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
References		https://lore.kernel.org/linux-cve-announce/2026050829-CVE-2026-43369-60b9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43369 https://www.cve.org/CVERecord?id=CVE-2026-43369

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and amdgpu_device_set_cg_state which iterate over all IP blocks and access adev->ip_blocks[i].version without NULL checks, leading to a kernel NULL pointer dereference. Add NULL checks for adev->ip_blocks[i].version in both amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed. (cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)
Title		drm/amd: Fix NULL pointer dereference in device cleanup
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267 https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8 https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:21.174Z

Updated: 2026-05-08T14:21:21.174Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43369

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:47.960

Modified: 2026-05-08T15:16:47.960

Link: CVE-2026-43369

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43369 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object