Impact
The vulnerability is a NULL pointer dereference in Linux kernel DRM driver functions that can cause a kernel crash when the logging path is triggered for a null service structure. The failure occurs inside the error handling of dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace() and can be exploited by an attacker with code execution privileges in kernel space to cause a denial of service.
Affected Systems
The affected product is the Linux kernel. Specific distribution or kernel version information is not listed in the available data, but the flaw exists in the DRM component of the AMD display driver.
Risk and Exploitability
The CVSS score is 5.5, indicating moderate severity, but the vulnerability allows a local attacker to crash the kernel, leading to a system restart or halt. The EPSS score is < 1%, indicating a low likelihood of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires code to run within the kernel, likely via a local privilege escalation or driver bug, and would therefore be a local denial‑of‑service attack.
OpenCVE Enrichment