Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Null Pointer Dereference Vulnerability in AMD Display Driver

Vulnerability

A potential null pointer dereference vulnerability has been identified in the Linux kernel's AMD display driver. The issue arises in the 'amdgpu_dm_fini()' function, where the 'adev->dm.dc' pointer can be NULL and is dereferenced without prior validation. This vulnerability has been addressed by adding a NULL pointer check before calling 'dc_dmub_srv_destroy()'. The flaw was discovered by the Linux Verification Center using the SVACE analysis tool.

Impact

Exploitation of this vulnerability could lead to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by invoking the 'amdgpu_dm_fini()' function without ensuring that the 'adev->dm.dc' pointer is valid. This scenario can occur during the cleanup process of the AMD display driver when the 'dc' pointer is NULL.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Stable Patches repository.

Added: Oct 1, 2025, 2:00 PM
Updated: Oct 1, 2025, 2:00 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.