Impact
A flaw in the AMD RAS driver for Linux causes a null pointer dereference when the variable ras_core is null and its member dev is accessed during an error path. The result is a kernel panic that leads to a denial of service. The underlying weakness is a classic NULL pointer dereference (CWE‑476).
Affected Systems
All Linux kernels that include the AMD RAS driver but have not applied the commit that inserts the null‑check are affected. This encompasses any distribution shipping a kernel version prior to the patch, as the CVE is listed for Linux:Linux.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score of <1% suggests a low probability of exploitation. It is not listed in the CISA KEV catalog. Based on the description, the bug appears during an error path that likely requires local or privileged execution; thus exploitation most probably originates from a local attacker with sufficient kernel access. The risk to confidentiality and integrity is low, whereas availability is impacted if a crash occurs.
OpenCVE Enrichment