Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local attack vector with low-privilege user required; impact is kernel panic only (Availability:High); no confidentiality or integrity effect applies to this DoS-only NULL deref.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp()
ras_core_get_utc_second_timestamp() retrieves the current UTC timestamp (in seconds since the Unix epoch) through a platform-specific RAS system callback and is used for timestamping RAS error events.
The function checks ras_core in the conditional statement before calling the sys_fn callback. However, when the condition fails, the function prints an error message using ras_core->dev.
If ras_core is NULL, this can lead to a potential NULL pointer dereference when accessing ras_core->dev.
Add an early NULL check for ras_core at the beginning of the function and return 0 when the pointer is not valid. This prevents the dereference and makes the control flow clearer.
AnalysisAI
NULL pointer dereference in the Linux kernel's drm/amd/ras subsystem allows a local low-privileged user to crash the kernel on systems with AMD GPUs. The flaw in ras_core_get_utc_second_timestamp() occurs when a NULL ras_core pointer passes a conditional check but is then dereferenced in the subsequent error-printing path, producing a kernel panic. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) local, low-privilege authenticated access to the target system; (2) an AMD GPU present and recognized by the kernel; (3) the amdgpu kernel module loaded with the RAS (Reliability, Availability, Serviceability) subsystem active; and (4) a condition where ras_core is NULL at the moment ras_core_get_utc_second_timestamp() executes, which may occur during driver initialization, teardown, or error-recovery sequences. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 5.5 with AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H accurately reflects a local, low-complexity denial-of-service requiring only a low-privilege shell account. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with a low-privilege shell account on an AMD GPU-equipped Linux server triggers a race or teardown condition in the AMD RAS subsystem that results in ras_core being NULL when ras_core_get_utc_second_timestamp() is called. The function attempts to log an error via ras_core->dev, dereferences the NULL pointer, and the kernel panics, taking down the host. … |
| Remediation | Update to Linux kernel 7.0.10, 7.1, or 6.19 (per the applicable stable branch), which incorporate the fix commits available at https://git.kernel.org/stable/c/2b8101cc3b34d4d80d799360d2744829d5964479 and https://git.kernel.org/stable/c/6c84f7f0afc415691ffa7d48aa7ce1d8e6083032. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39850
GHSA-43h2-vrg5-h3qp