Description
In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: Fix segfault when updating ftrace mask

Fix invalid data access by passing right data for debugfs entry.

[ 171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 171.559248] Mem abort info:
[ 171.562173] ESR = 0x0000000096000044
[ 171.566227] EC = 0x25: DABT (current EL), IL = 32 bits
[ 171.573108] SET = 0, FnV = 0
[ 171.576448] EA = 0, S1PTW = 0
[ 171.579745] FSC = 0x04: level 0 translation fault
[ 171.584760] Data abort info:
[ 171.588012] ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000
[ 171.593734] CM = 0, WnR = 1, TnD = 0, TagAccess = 0
[ 171.598962] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000
[ 171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 171.618500] Internal error: Oops: 0000000096000044 [#1] SMP
[ 171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...
[ 171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT
[ 171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)
[ 171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]
[ 171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]
[ 171.689593] sp : ffff8000835ebb90
[ 171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000
[ 171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000
[ 171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000
[ 171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000
[ 171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580
[ 171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30
[ 171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff
[ 171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a
[ 171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010
[ 171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0
[ 171.764871] Call trace:
[ 171.767342] pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)
[ 171.772984] simple_attr_write_xsigned.isra.0+0xe0/0x19c
[ 171.778341] simple_attr_write+0x18/0x24
[ 171.782296] debugfs_attr_write+0x50/0x98
[ 171.786341] full_proxy_write+0x6c/0xa8
[ 171.790208] vfs_write+0xd4/0x350
[ 171.793561] ksys_write+0x70/0x108
[ 171.796995] __arm64_sys_write+0x1c/0x28
[ 171.800952] invoke_syscall+0x48/0x10c
[ 171.804740] el0_svc_common.constprop.0+0x40/0xe0
[ 171.809487] do_el0_svc+0x1c/0x28
[ 171.812834] el0_svc+0x34/0x108
[ 171.816013] el0t_64_sync_handler+0xa0/0xe4
[ 171.820237] el0t_64_sync+0x198/0x19c
[ 171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)
[ 171.830073] ---[ end trace 0000000000000000 ]---
Published: 2026-06-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Imagination PowerVR driver, an incorrect value passed through a debugfs entry when updating the ftrace mask caused a null pointer dereference, triggering a kernel Oops and system crash. The fault occurs in the function that sets the trace mask and results in a kernel panic. This vulnerability is categorized as a null pointer dereference (CWE‑476).

Affected Systems

The flaw is present in Linux kernels that include the Imagination PowerVR DRM driver before the patch commit, affecting all distributions that ship such kernels. No specific kernel version is singled out, so any release with the driver should be considered at risk.

Risk and Exploitability

No CVSS or EPSS scores are publicly available, and the vulnerability is not listed in CISA KEV. Exploitation requires privileged access to write to a debugfs attribute, which is typically granted to root users. Once that permission is obtained, an attacker can trigger a kernel crash, leading to local denial of service. No documented remote exploitation or automatic exploitation chain exists.

Generated by OpenCVE AI on June 9, 2026 at 01:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Linux kernel that contains the patch for the Imagination driver, which fixes the ftrace mask update routine.
  • Restrict write access to debugfs entries for the Imagination driver, ensuring only trusted users can modify the trace mask.
  • As an interim measure, if the driver is not essential, disable the Imagination DRM module to prevent the null pointer dereference from being triggered.

Generated by OpenCVE AI on June 9, 2026 at 01:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
References

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. [ 171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 171.559248] Mem abort info: [ 171.562173] ESR = 0x0000000096000044 [ 171.566227] EC = 0x25: DABT (current EL), IL = 32 bits [ 171.573108] SET = 0, FnV = 0 [ 171.576448] EA = 0, S1PTW = 0 [ 171.579745] FSC = 0x04: level 0 translation fault [ 171.584760] Data abort info: [ 171.588012] ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000 [ 171.593734] CM = 0, WnR = 1, TnD = 0, TagAccess = 0 [ 171.598962] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000 [ 171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 171.618500] Internal error: Oops: 0000000096000044 [#1] SMP [ 171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm... [ 171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT [ 171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT) [ 171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr] [ 171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr] [ 171.689593] sp : ffff8000835ebb90 [ 171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000 [ 171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000 [ 171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000 [ 171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000 [ 171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580 [ 171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30 [ 171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff [ 171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a [ 171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010 [ 171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0 [ 171.764871] Call trace: [ 171.767342] pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P) [ 171.772984] simple_attr_write_xsigned.isra.0+0xe0/0x19c [ 171.778341] simple_attr_write+0x18/0x24 [ 171.782296] debugfs_attr_write+0x50/0x98 [ 171.786341] full_proxy_write+0x6c/0xa8 [ 171.790208] vfs_write+0xd4/0x350 [ 171.793561] ksys_write+0x70/0x108 [ 171.796995] __arm64_sys_write+0x1c/0x28 [ 171.800952] invoke_syscall+0x48/0x10c [ 171.804740] el0_svc_common.constprop.0+0x40/0xe0 [ 171.809487] do_el0_svc+0x1c/0x28 [ 171.812834] el0_svc+0x34/0x108 [ 171.816013] el0t_64_sync_handler+0xa0/0xe4 [ 171.820237] el0t_64_sync+0x198/0x19c [ 171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036) [ 171.830073] ---[ end trace 0000000000000000 ]---
Title drm/imagination: Fix segfault when updating ftrace mask
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:41:20.876Z

Reserved: 2026-05-13T15:03:33.109Z

Link: CVE-2026-46278

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:45.390

Modified: 2026-06-08T17:16:45.390

Link: CVE-2026-46278

cve-icon Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46278 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T02:00:21Z

Weaknesses