Volerion logoVolerion
Volerion logoVolerion

Linux Kernel NULL Pointer Dereference Vulnerability in VSP1 Module on Gen 4

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's VSP1 module for Generation 4. This issue occurs during the module unload process, where the cleanup code incorrectly calls the 'vsp1_drm_cleanup()' function instead of the appropriate 'vsp1_vspx_cleanup()' function. The error arises because the cleanup code does not properly check the IP version before calling the cleanup functions, leading to a crash when the module is unloaded.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected module.

Reproduction

To reproduce this vulnerability, load the VSP1 module on a system running Linux Kernel Generation 4. After the module is loaded, unload it. The module will crash due to a NULL pointer dereference, which can be observed in the system logs.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Jun 8, 2026, 5:39 PM
Updated: Jun 8, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.4
remediation
7.7
relevance
9.3
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.