Primary

Context

Linux Kernel Null Pointer Dereference Vulnerability in AMD GPU Power Management

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Linux kernel's AMD GPU power management component. This issue arises when a string is written to the 'gpu_od/fan_ctrl' sysfs interface or the 'pp_power_profile_mode' setting for the CUSTOM profile, without proper delimiters. The vulnerability is present in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or denial of service condition.

Reproduction

To reproduce this vulnerability, write a string without delimiters to the 'gpu_od/fan_ctrl' sysfs interface or the 'pp_power_profile_mode' for the CUSTOM profile. The absence of delimiters will trigger the null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.

Added: Sep 4, 2025, 7:14 PM

Updated: Sep 4, 2025, 7:14 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

7.7

relevance

0.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Null Pointer Dereference Vulnerability in AMD GPU Power Management

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating