Impact
The Linux kernel DRM driver for GMA500 Oaktrail LVDS contains a flaw that causes a system hang when the driver initialization fails. The init routine obtains an I2C adapter via i2c_get_adapter and, on failure, attempts to deregister that adapter, but the code does not distinguish between adapters acquired from the system and ones created locally. This can result in a deadlock where the kernel waits indefinitely for a reference count to drop, effectively freezing the entire operating system and denying all services.
Affected Systems
The vulnerability affects any Linux kernel that includes the gma500 oaktrail_lvds driver. It is inferred that all kernel builds containing this driver, whether built‑in or loaded as a module, are susceptible. The advisory does not specify particular kernel version ranges, so any kernel tree with the vulnerable code is potentially at risk.
Risk and Exploitability
The flaw is a local denial‑of‑service that depends on the driver initialization path being triggered. The likely attack vector is a low‑privileged user manipulating the display environment in a way that forces the driver to fail during initialization, such as by tampering with EDID data or disconnecting the monitor during system boot. The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog. The CVSS score is 5.5, but the impact of a complete system freeze means this issue warrants urgent attention.
OpenCVE Enrichment
Debian DLA