Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local trigger via suspend/shutdown requiring low-privilege user, no data exposure, crash-only impact fully justifies AV:L/PR:L and C:N/I:N/A:H.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/display: fix oops in suspend/shutdown without display
The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe->info.probe_display. It gets set to false if there's no display after intel_display_device_probe(). However, the display may also be disabled via fuses, detected at a later time in intel_display_device_info_runtime_init().
In this case, the xe driver does for_each_intel_crtc() on uninitialized mode config in xe_display_flush_cleanup_work(), leading to a NULL pointer dereference, and generally calls display code with display info cleared.
Check for intel_display_device_present() after intel_display_device_info_runtime_init(), and reset xe->info.probe_display as necessary. Also do unset_display_features() for completeness, although display runtime init has already done that. This will need to be unified across all cases later.
Move intel_display_device_info_runtime_init() call slightly earlier, similar to i915, to avoid a bunch of unnecessary setup for no display cases.
Note #1: The xe driver has no business doing low level display plumbing like for_each_intel_crtc() to begin with. It all needs to happen in display code.
Note #2: The actual bug is present already in commit 44e694958b95 ("drm/xe/display: Implement display support"), but the oops was likely introduced later at commit ddf6492e0e50 ("drm/xe/display: Make display suspend/resume work on discrete").
(cherry picked from commit 7c3eb9f47533220888a67266448185fd0775d4da)
AnalysisAI
NULL pointer dereference in the Intel Xe GPU driver (drm/xe) causes a kernel panic during system suspend or shutdown when display hardware is disabled via hardware fuses rather than absent at initial probe. Systems running Linux 6.8 and later with Intel Xe GPUs in fuse-disabled display configurations are affected; a low-privileged local user can trigger an unplanned system crash by initiating suspend or shutdown. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires four specific conditions to align: (1) the host hardware uses an Intel Xe GPU covered by the drm/xe driver; (2) the display subsystem on that GPU is disabled via hardware fuses - this is a specific non-default hardware configuration distinct from simply having no monitor attached; (3) the attacker has local user access with sufficient privileges to initiate a system suspend or shutdown (confirmed by CVSS PR:L - low-privileged local access required); and (4) the running kernel version falls between commit 44e694958b95 and the patched commits in the 6.x/7.x stable series. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) is consistent with the actual attack surface: local access, low privileges, and an availability-only impact (kernel panic). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with standard account access on a workstation or server equipped with an Intel Xe GPU where the display subsystem is fuse-disabled initiates a system suspend or reboot. The kernel enters xe_display_flush_cleanup_work(), iterates over CRTCs using an uninitialized mode config, dereferences a NULL pointer, and crashes, resulting in an unplanned system outage. … |
| Remediation | Update to Linux 7.1 stable, 7.0.13, or 6.18.36, all of which contain the backported fix derived from upstream commit 7c3eb9f47533220888a67266448185fd0775d4da. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-908 – Use of Uninitialized Resource
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39233
GHSA-hx3f-5fww-5hr9