Volerion logoVolerion
Volerion logoVolerion

Linux Kernel HDMI Teardown Null Dereference Vulnerability in DRM GMA500 Oaktrail

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's DRM GMA500 graphics driver, specifically in the Oaktrail HDMI handling code. This issue arises because the 'pci_set_drvdata' function sets the driver data to NULL, which is then dereferenced in the 'oaktrail_hdmi_i2c_exit' function, leading to a potential crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a system crash.

Reproduction

The vulnerability can be reproduced by loading the GMA500 DRM driver with Oaktrail support, and then triggering the HDMI teardown process. This sequence will cause the driver data to be set to NULL and subsequently dereferenced, leading to a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Oct 20, 2025, 4:27 PM
Updated: Oct 20, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
4.3
remediation
7.7
relevance
0.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.