Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status()

When media GT is disabled via configfs, there is no allocation for
media_gt, which is kept as NULL. In such scenario,
intel_hdcp_gsc_check_status() results in a kernel pagefault error due to
&gt->uc.gsc being evaluated as an invalid memory address.

Fix that by introducing a NULL check on media_gt and bailing out early
if so.

While at it, also drop the NULL check for gsc, since it can't be NULL if
media_gt is not NULL.

v2:
- Get address for gsc only after checking that gt is not NULL.
(Shuicheng)
- Drop the NULL check for gsc. (Shuicheng)
v3:
- Add "Fixes" and "Cc: <stable...>" tags. (Matt)

(cherry picked from commit bfaf87e84ca3ca3f6e275f9ae56da47a8b55ffd1)
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs in the Linux kernel’s DRM xe HDCP subsystem when the media_gt feature is disabled via configfs and no memory is allocated for it. The function intel_hdcp_gsc_check_status accesses an invalid address, causing a kernel page fault that compromises the entire operating system. The primary impact of the fault is a system kernel crash, resulting in a denial of service and a potential reboot requirement. The vulnerability stems from a lack of NULL checking before dereferencing a pointer (CWE‑476).

Affected Systems

All Linux kernel implementations that include the DRM Xe HDCP subsystem and support the media_gt configuration. No specific vendor or version numbers are enumerated in the advisory, but any kernel release containing the drm/xe/hdcp code prior to the patch is potentially vulnerable.

Risk and Exploitability

The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog and has a CVSS score of 5.5, with an EPSS score of <1%, indicating limited publicly known exploitation data. The attack vector is inferred to be local, requiring an attacker with the ability to modify configfs entries for the media_gt feature. Since the fault triggers a kernel crash, the effect is high if the configuration can be manipulated, but the lack of remote capabilities and available public exploit reduces immediate risk to systems that enforce strict permission controls on configfs.

Generated by OpenCVE AI on May 29, 2026 at 03:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version containing the patch that adds the NULL check in intel_hdcp_gsc_check_status; this may require reboot and ensuring the running kernel matches the patched source.
  • If a kernel update cannot be applied immediately, disable the media_gt feature in configfs or remove the media_gt node; this prevents the null pointer dereference from occurring.
  • Fortify the system by tightening permissions on the configfs media_gt node or applying SELinux/AppArmor restrictions to limit who can modify the configuration, ensuring only trusted users have modification rights.

Generated by OpenCVE AI on May 29, 2026 at 03:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() When media GT is disabled via configfs, there is no allocation for media_gt, which is kept as NULL. In such scenario, intel_hdcp_gsc_check_status() results in a kernel pagefault error due to &gt->uc.gsc being evaluated as an invalid memory address. Fix that by introducing a NULL check on media_gt and bailing out early if so. While at it, also drop the NULL check for gsc, since it can't be NULL if media_gt is not NULL. v2: - Get address for gsc only after checking that gt is not NULL. (Shuicheng) - Drop the NULL check for gsc. (Shuicheng) v3: - Add "Fixes" and "Cc: <stable...>" tags. (Matt) (cherry picked from commit bfaf87e84ca3ca3f6e275f9ae56da47a8b55ffd1)
Title drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:40:32.891Z

Reserved: 2026-05-13T15:03:33.105Z

Link: CVE-2026-46216

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:37.237

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46216

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46216 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T03:30:26Z

Weaknesses