Skip to main content

Linux Kernel EUVDEUVD-2026-39233

| CVE-2026-53142 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-hx3f-5fww-5hr9
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local trigger via suspend/shutdown requiring low-privilege user, no data exposure, crash-only impact fully justifies AV:L/PR:L and C:N/I:N/A:H.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 07, 2026 - 16:58 vuln.today
CVSS changed
Jul 07, 2026 - 16:52 NVD
5.5 (MEDIUM)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 nvd
MEDIUM 5.5
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/display: fix oops in suspend/shutdown without display

The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe->info.probe_display. It gets set to false if there's no display after intel_display_device_probe(). However, the display may also be disabled via fuses, detected at a later time in intel_display_device_info_runtime_init().

In this case, the xe driver does for_each_intel_crtc() on uninitialized mode config in xe_display_flush_cleanup_work(), leading to a NULL pointer dereference, and generally calls display code with display info cleared.

Check for intel_display_device_present() after intel_display_device_info_runtime_init(), and reset xe->info.probe_display as necessary. Also do unset_display_features() for completeness, although display runtime init has already done that. This will need to be unified across all cases later.

Move intel_display_device_info_runtime_init() call slightly earlier, similar to i915, to avoid a bunch of unnecessary setup for no display cases.

Note #1: The xe driver has no business doing low level display plumbing like for_each_intel_crtc() to begin with. It all needs to happen in display code.

Note #2: The actual bug is present already in commit 44e694958b95 ("drm/xe/display: Implement display support"), but the oops was likely introduced later at commit ddf6492e0e50 ("drm/xe/display: Make display suspend/resume work on discrete").

(cherry picked from commit 7c3eb9f47533220888a67266448185fd0775d4da)

AnalysisAI

NULL pointer dereference in the Intel Xe GPU driver (drm/xe) causes a kernel panic during system suspend or shutdown when display hardware is disabled via hardware fuses rather than absent at initial probe. Systems running Linux 6.8 and later with Intel Xe GPUs in fuse-disabled display configurations are affected; a low-privileged local user can trigger an unplanned system crash by initiating suspend or shutdown. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify host with Xe GPU and fuse-disabled display
Delivery
Gain low-privileged local shell access
Exploit
Initiate system suspend or shutdown
Execution
Kernel executes xe_display_flush_cleanup_work()
Persist
for_each_intel_crtc() dereferences uninitialized mode config pointer
Impact
Kernel panic and system crash

Vulnerability AssessmentAI

Exploitation Exploitation requires four specific conditions to align: (1) the host hardware uses an Intel Xe GPU covered by the drm/xe driver; (2) the display subsystem on that GPU is disabled via hardware fuses - this is a specific non-default hardware configuration distinct from simply having no monitor attached; (3) the attacker has local user access with sufficient privileges to initiate a system suspend or shutdown (confirmed by CVSS PR:L - low-privileged local access required); and (4) the running kernel version falls between commit 44e694958b95 and the patched commits in the 6.x/7.x stable series. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) is consistent with the actual attack surface: local access, low privileges, and an availability-only impact (kernel panic). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard account access on a workstation or server equipped with an Intel Xe GPU where the display subsystem is fuse-disabled initiates a system suspend or reboot. The kernel enters xe_display_flush_cleanup_work(), iterates over CRTCs using an uninitialized mode config, dereferences a NULL pointer, and crashes, resulting in an unplanned system outage. …
Remediation Update to Linux 7.1 stable, 7.0.13, or 6.18.36, all of which contain the backported fix derived from upstream commit 7c3eb9f47533220888a67266448185fd0775d4da. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy