Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AC:H reflects the prerequisite of specific retired hardware and a specific init failure condition; all other metrics match the local, low-privilege, availability-only impact profile.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500/oaktrail_lvds: fix hang on init failure
The LVDS init code looks up an I2C adapter using i2c_get_adapter() and tries to read the EDID before falling back to allocating and registering its own adapter.
The error handling does not separate these cases so on a late init failure it will try to deregister and free also an adapter that had previously been registered. Since i2c_get_adapter() takes another reference to the adapter, deregistration hangs indefinitely while waiting for the reference to be released.
Fix this by only destroying adapters allocated during LVDS init on errors.
AnalysisAI
Indefinite kernel hang in the Linux kernel's drm/gma500 Oaktrail LVDS display initialization code can be triggered locally on systems with Intel GMA 500/Oaktrail graphics hardware, causing a denial of service requiring a hard reboot. The defect lies in error handling that incorrectly attempts to deregister an I2C adapter obtained via i2c_get_adapter() - which only increments a reference count - rather than restricting cleanup to adapters the driver itself allocated. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) local access with at least low-privilege credentials (PR:L per CVSS); (2) the target system must be equipped with an Intel GMA 500 (Poulsbo) or Oaktrail integrated graphics chipset running the gma500_gfx kernel module - this hardware is found exclusively in older Atom-based netbooks and embedded systems from approximately 2008-2012; (3) the LVDS initialization error path must be triggered, specifically a late init failure occurring after i2c_get_adapter() has already returned a reference. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately captures a local, low-privilege denial-of-service with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with low-privilege shell access on a legacy Atom-based system (e.g., a netbook or embedded device) running the Intel GMA 500/Oaktrail graphics driver encounters or induces conditions that cause the LVDS display initialization to fail after i2c_get_adapter() has already been called. The kernel's error handling then calls i2c_del_adapter() on the externally-referenced adapter, which blocks indefinitely waiting for the borrowed reference to be released, hanging the kernel and requiring a hard reboot to recover. |
| Remediation | The primary fix is to upgrade the Linux kernel to a patched stable release: 7.1, 7.0.10, 6.18.33, 6.1.175, 6.6.141, or 6.12.91. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39884
GHSA-jqmf-8mg5-g38p