Primary

Context

Linux Kernel GuC Load Failure Vulnerability Leading to NULL Pointer Dereference

Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) driver for Intel graphics can lead to a NULL pointer dereference. This issue occurs when the Graphics Microcontroller (GuC) fails to load, causing the driver to enter a 'wedged' state. In this state, the driver attempts to execute tasks that may not be properly initialized, leading to a crash. The vulnerability can be triggered by forcing a signature verification failure in the GuC binary.

Impact

The vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading a GuC binary that is intentionally crafted to fail signature verification. This failure causes the driver to wedge and attempt to access uninitialized resources, resulting in a NULL pointer dereference.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel GuC Load Failure Vulnerability Leading to NULL Pointer Dereference

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating