Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local-only vector with low-privilege trigger; pure availability impact (kernel crash); no confidentiality or integrity consequence.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace().
Both functions check:
if (!dc_dmub_srv || !dc_dmub_srv->dmub)
and then call DC_LOG_ERROR() inside that block.
DC_LOG_ERROR() uses dc_dmub_srv->ctx internally. So if dc_dmub_srv is NULL, the logging itself can dereference a NULL pointer and cause a crash.
Fix this by splitting the checks.
First check if dc_dmub_srv is NULL and return immediately. Then check dc_dmub_srv->dmub and log the error only when dc_dmub_srv is valid.
Fixes the below: ../display/dc/dc_dmub_srv.c:962 dc_dmub_srv_log_diagnostic_data() error: we previously assumed 'dc_dmub_srv' could be null (see line 961) ../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_enable_dpia_trace() error: we previously assumed 'dc_dmub_srv' could be null (see line 1166)
AnalysisAI
NULL pointer dereference in the Linux kernel AMD display driver (drm/amd/display) can cause a kernel panic on systems running AMD GPUs, resulting in a complete denial of service. The flaw resides in dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace() in dc_dmub_srv.c, where a combined NULL guard incorrectly permits DC_LOG_ERROR() - which internally dereferences dc_dmub_srv->ctx - to execute when dc_dmub_srv itself is NULL. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The system must be running Linux kernel versions from 5.14 through pre-patch 7.0.x with an AMD GPU present and the amdgpu kernel module loaded. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H accurately characterizes this as a local, low-complexity denial-of-service issue requiring only low privileges. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with standard (low-privilege) account access on a Linux system running an AMD GPU triggers a code path that reaches dc_dmub_srv_log_diagnostic_data() or dc_dmub_srv_enable_dpia_trace() with a NULL dc_dmub_srv pointer, causing DC_LOG_ERROR() to dereference NULL through ctx, generating a kernel NULL pointer dereference oops and crashing the system. No public exploit code has been identified; triggering this path likely requires specific AMD display driver error conditions, reducing opportunistic exploitability. |
| Remediation | The upstream fix is available via two stable kernel commits: b37a978e6d8c33fbfa4abc5dcca4c7cfc6d01f22 (https://git.kernel.org/stable/c/b37a978e6d8c33fbfa4abc5dcca4c7cfc6d01f22) and 4ae3e16f4b3bf64140f773629b765d605ee079a9 (https://git.kernel.org/stable/c/4ae3e16f4b3bf64140f773629b765d605ee079a9). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39848
GHSA-2885-rcqv-3jp6