Impact
In the Linux kernel’s AMD64 AGP driver, a missing error check in agp_amd64_probe() causes the function to ignore a negative error from cache_nbs() when no AMD northbridge is present. The probe continues, later calling agp_add_bridge() and amd64_fetch_size(). node_to_amd_nb(0) then returns NULL, and dereferencing its ->misc member triggers a General Protection Fault. The fault crashes the kernel, leading to a denial‑of‑service. The weakness is a NULL pointer dereference (CWE‑476).
Affected Systems
The vulnerability resides in the Linux kernel code that implements the AMD64 AGP driver. All kernel versions prior to the commit that added the proper error check (cited in the advisory) are affected. The issue is most likely to be triggered in virtualized environments such as QEMU/KVM that present an AGP device without an underlying AMD northbridge; when the host kernel loads the driver to support the VM, the bug causes a crash. Any Linux host kernel that exposes an AGP device to a virtual machine is at risk if the kernel has not been updated to include the fix.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity; the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog. The bug leads directly to a kernel crash rather than arbitrary code execution, so exploitation requires that the faulting code path be exercised within the kernel. This can be achieved by a malicious virtual machine or by a host configuration that mounts an AGP device lacking a northbridge. The likelihood of exploitation is low but the impact is high, as it results in service interruption of the host system.
OpenCVE Enrichment
Debian DLA
Debian DSA