Impact
The Linux kernel xe graphics driver contains a flaw where it may dereference a null pointer during suspend or shutdown when no display is present. This fault leads to a kernel oops, causing the system to crash and become unavailable temporarily or permanently until reboot. The weakness is a classic NULL pointer dereference, classified as CWE-824. This defect does not provide an attacker with code execution or privilege escalation.
Affected Systems
The vulnerability affects older Linux kernel versions that include the xe driver without the recent fixes. Specific product versions are not listed in the CVE, so any kernel build that contains the affected xe driver code before the patch is potentially impacted. Users should verify whether their kernel revision includes the commit chain referenced in the advisory.
Risk and Exploitability
The anomaly can be triggered during normal system suspend or shutdown operations when no display is detected. The threat is effectively local and requires the system to be actively transitioning states. The CVSS score of 5.5 indicates medium severity. The EPSS score of <1% suggests a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The risk remains limited to denial of service, with no potential for remote code execution or data compromise. Nevertheless, a crash that prevents system operation can have significant operational impact in production environments.
OpenCVE Enrichment
Debian DSA