Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local-only vector; low-privilege user can trigger kernel panic; no confidentiality or integrity impact, only availability via kernel crash.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()
Fixes a NULL pointer dereference when ras_core is NULL and ras_core->dev is accessed in the error path.
Reported by: Dan Carpenter <dan.carpenter@linaro.org>
AnalysisAI
NULL pointer dereference in the Linux kernel's AMD RAS subsystem crashes systems with AMD GPU hardware. The function ras_core_ras_interrupt_detected() in drm/amd/ras fails to validate the ras_core pointer before dereferencing ras_core->dev in an error path, enabling a local low-privilege user to trigger a kernel panic and denial of service. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Local system access with low-privilege credentials is required (AV:L/PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5 Medium) accurately characterizes the risk profile: local-only, low-privilege exploitation yielding availability impact only (kernel panic), with no confidentiality or integrity consequences. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with standard (low-privilege) account access on a Linux system equipped with an AMD GPU triggers AMD RAS interrupt handling under conditions where the `ras_core` structure has not been initialized or has been freed, causing `ras_core_ras_interrupt_detected()` to dereference a NULL pointer. The kernel immediately panics, crashing the entire system and requiring a physical or remote reboot to restore availability. … |
| Remediation | The primary fix is to upgrade to a patched kernel version - Linux 7.1, 7.0.10, or 6.19 - which incorporate commits f2f2ed3d359509c311cc6626226e4578d7eb77d8 and 6b606216e03fa2b53cc179d8383b683a140fe6e1, available at https://git.kernel.org/stable/c/f2f2ed3d359509c311cc6626226e4578d7eb77d8 and https://git.kernel.org/stable/c/6b606216e03fa2b53cc179d8383b683a140fe6e1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39851
GHSA-ggr3-2pmh-fq3p