Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths

In dc_dmub_srv_log_diagnostic_data() and
dc_dmub_srv_enable_dpia_trace().

Both functions check:

if (!dc_dmub_srv || !dc_dmub_srv->dmub)

and then call DC_LOG_ERROR() inside that block.

DC_LOG_ERROR() uses dc_dmub_srv->ctx internally. So if
dc_dmub_srv is NULL, the logging itself can dereference a
NULL pointer and cause a crash.

Fix this by splitting the checks.

First check if dc_dmub_srv is NULL and return immediately.
Then check dc_dmub_srv->dmub and log the error only when
dc_dmub_srv is valid.

Fixes the below:
../display/dc/dc_dmub_srv.c:962 dc_dmub_srv_log_diagnostic_data() error: we previously assumed 'dc_dmub_srv' could be null (see line 961)
../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_enable_dpia_trace() error: we previously assumed 'dc_dmub_srv' could be null (see line 1166)
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NULL pointer dereference in Linux kernel DRM driver functions that can cause a kernel crash when the logging path is triggered for a null service structure. The failure occurs inside the error handling of dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace() and can be exploited by an attacker with code execution privileges in kernel space to cause a denial of service.

Affected Systems

The affected product is the Linux kernel. Specific distribution or kernel version information is not listed in the available data, but the flaw exists in the DRM component of the AMD display driver.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity, but the vulnerability allows a local attacker to crash the kernel, leading to a system restart or halt. The EPSS score is < 1%, indicating a low likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires code to run within the kernel, likely via a local privilege escalation or driver bug, and would therefore be a local denial‑of‑service attack.

Generated by OpenCVE AI on June 29, 2026 at 13:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fix that splits the null check and prevents the crash
  • If upgrading cannot be performed immediately, disable or limit diagnostic features in the DRM subsystem that trigger the vulnerable logging paths (e.g., disable dpia trace or diagnostic logging if exposed)
  • If the system uses AMD GPUs, uninstall or disable the affected kernel module until the patch is available

Generated by OpenCVE AI on June 29, 2026 at 13:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Both functions check: if (!dc_dmub_srv || !dc_dmub_srv->dmub) and then call DC_LOG_ERROR() inside that block. DC_LOG_ERROR() uses dc_dmub_srv->ctx internally. So if dc_dmub_srv is NULL, the logging itself can dereference a NULL pointer and cause a crash. Fix this by splitting the checks. First check if dc_dmub_srv is NULL and return immediately. Then check dc_dmub_srv->dmub and log the error only when dc_dmub_srv is valid. Fixes the below: ../display/dc/dc_dmub_srv.c:962 dc_dmub_srv_log_diagnostic_data() error: we previously assumed 'dc_dmub_srv' could be null (see line 961) ../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_enable_dpia_trace() error: we previously assumed 'dc_dmub_srv' could be null (see line 1166)
Title drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:06.568Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53313

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53313 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T13:45:07Z

Weaknesses