Linux Kernel V3D Driver NULL Pointer Dereference Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's V3D graphics driver. This issue arises from a conflict between the DRM scheduler workqueue and the IRQ execution thread. After a job is completed, the job pointer is set to NULL, indicating that the job is finished. However, this change creates a race condition: as the IRQ execution thread signals the completion of a job, a new job can be assigned to the same pointer. If the IRQ execution thread sets the pointer to NULL after a new job has been assigned, it can lead to a NULL pointer dereference. This dereference occurs when the completed job generates an interrupt, triggering a crash by accessing a NULL reference.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, leading to a crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel V3D Driver NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating