Skip to main content

Linux Kernel CVE-2026-46245

| EUVDEUVD-2026-34107 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-03 Linux GHSA-gc8h-w3qg-mpcq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 22:48 vuln.today
CVSS changed
Jun 09, 2026 - 20:37 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix dc_link NULL handling in HPD init

amdgpu_dm_hpd_init() may see connectors without a valid dc_link.

The code already checks dc_link for the polling decision, but later unconditionally dereferences it when setting up HPD interrupts.

Assign dc_link early and skip connectors where it is NULL.

Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_irq.c:940 amdgpu_dm_hpd_init() error: we previously assumed 'dc_link' could be null (see line 931)

drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_irq.c 923 /* 924 * Analog connectors may be hot-plugged unlike other connector 925 * types that don't support HPD. Only poll analog connectors. 926 */ 927 use_polling |= 928 amdgpu_dm_connector->dc_link && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The patch adds this NULL check but hopefully it can be removed

929 dc_connector_supports_analog(amdgpu_dm_connector->dc_link->link_id.id); 930 931 dc_link = amdgpu_dm_connector->dc_link;

dc_link assigned here.

932 933 /* 934 * Get a base driver irq reference for hpd ints for the lifetime 935 * of dm. Note that only hpd interrupt types are registered with 936 * base driver; hpd_rx types aren't. IOW, amdgpu_irq_get/put on 937 * hpd_rx isn't available. DM currently controls hpd_rx 938 * explicitly with dc_interrupt_set() 939 */ --> 940 if (dc_link->irq_source_hpd != DC_IRQ_SOURCE_INVALID) { ^^^^^^^^^^^^^^^^^^^^^^^ If it's NULL then we are trouble because we dereference it here.

941 irq_type = dc_link->irq_source_hpd - DC_IRQ_SOURCE_HPD1; 942 /* 943 * TODO: There's a mismatch between mode_info.num_hpd 944 * and what bios reports as the

of connectors with hpd

AnalysisAI

Null pointer dereference in the Linux kernel's AMD GPU display driver (drm/amd/display) crashes the kernel during Hot Plug Detection (HPD) initialization on systems with AMD GPUs. The amdgpu_dm_hpd_init() function assigns dc_link from a connector but then unconditionally dereferences it at line 940 of amdgpu_dm_irq.c without first confirming it is non-NULL - connectors lacking a valid dc_link trigger a kernel NULL dereference. Exploitation requires local, low-privileged access to a system with an affected AMD GPU; no public exploit has been identified at time of analysis and EPSS probability is 0.02% (5th percentile), indicating very limited real-world exploitation pressure.

Technical ContextAI

The vulnerability resides in the Direct Rendering Manager (DRM) subsystem for AMD GPUs within the Linux kernel, specifically in drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_irq.c. The amdgpu_dm_hpd_init() function iterates over display connectors to register HPD (Hot Plug Detection) interrupt sources. The root cause (CWE-476: NULL Pointer Dereference) is a logic inconsistency: the code conditionally checks dc_link for the polling decision path (line 927-929) - acknowledging that it may be NULL - but then assigns dc_link = amdgpu_dm_connector->dc_link at line 931 and immediately dereferences dc_link->irq_source_hpd at line 940 without a NULL guard. Connectors that do not have an associated dc_link (e.g., analog connectors in certain configurations) can trigger this dereference. The fix assigns dc_link early and skips processing for connectors where it is NULL. Affected CPE is cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, covering kernel versions from commit 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c up to the fix commits a490e4d3c9fed1e690c8de348416eea3a9f054ff and 226a40c06a183abaeb7529a4f54d6c203bd14407.

RemediationAI

The primary fix is to upgrade the Linux kernel to version 6.19.4 or 7.0 or later, which incorporate the upstream commits a490e4d3c9fed1e690c8de348416eea3a9f054ff and 226a40c06a183abaeb7529a4f54d6c203bd14407. Distribution maintainers (RHEL, Debian, Ubuntu, SUSE, etc.) should be checked for backported stable patches for LTS branches. For systems that cannot be patched immediately and that use AMD GPUs, a compensating control is to restrict local interactive access and prevent untrusted users from triggering GPU connector enumeration - this does not eliminate the vulnerability but reduces the opportunity for exploitation. Disabling HPD interrupts entirely is theoretically possible via module parameters but would impair display hot-plug functionality and is not recommended for production display systems. Systems without AMD GPUs are unaffected and require no action. The kernel patch references are: https://git.kernel.org/stable/c/a490e4d3c9fed1e690c8de348416eea3a9f054ff and https://git.kernel.org/stable/c/226a40c06a183abaeb7529a4f54d6c203bd14407.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-46245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy