CVE-2026-43369 (GCVE-0-2026-43369)

Vulnerability from cvelistv5 – Published: 2026-05-08 14:21 – Updated: 2026-05-11 22:23
VLAI
Title
drm/amd: Fix NULL pointer dereference in device cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and amdgpu_device_set_cg_state which iterate over all IP blocks and access adev->ip_blocks[i].version without NULL checks, leading to a kernel NULL pointer dereference. Add NULL checks for adev->ip_blocks[i].version in both amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed. (cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: fc58ef30e0a1524ce72a8e873d773ba3b0830c7d , < 43025c941aced9a9009f9ff20eea4eb78c61deb8 (git)
Affected: 6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c , < 767cd24d3c4ae847688877def4891943f6611ecd (git)
Affected: 39fc2bc4da0082c226cbee331f0a5d44db3997da , < 062ea905fff7756b2e87143ffccaece5cdb44267 (git)
Create a notification for this product.
Linux Linux Affected: 6.18.16 , < 6.18.19 (semver)
Affected: 6.19.6 , < 6.19.9 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "43025c941aced9a9009f9ff20eea4eb78c61deb8",
              "status": "affected",
              "version": "fc58ef30e0a1524ce72a8e873d773ba3b0830c7d",
              "versionType": "git"
            },
            {
              "lessThan": "767cd24d3c4ae847688877def4891943f6611ecd",
              "status": "affected",
              "version": "6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c",
              "versionType": "git"
            },
            {
              "lessThan": "062ea905fff7756b2e87143ffccaece5cdb44267",
              "status": "affected",
              "version": "39fc2bc4da0082c226cbee331f0a5d44db3997da",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_device.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.18.19",
              "status": "affected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThan": "6.19.9",
              "status": "affected",
              "version": "6.19.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.19",
                  "versionStartIncluding": "6.18.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.9",
                  "versionStartIncluding": "6.19.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix NULL pointer dereference in device cleanup\n\nWhen GPU initialization fails due to an unsupported HW block\nIP blocks may have a NULL version pointer. During cleanup in\namdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and\namdgpu_device_set_cg_state which iterate over all IP blocks and access\nadev-\u003eip_blocks[i].version without NULL checks, leading to a kernel\nNULL pointer dereference.\n\nAdd NULL checks for adev-\u003eip_blocks[i].version in both\namdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent\ndereferencing NULL pointers during GPU teardown when initialization has\nfailed.\n\n(cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:23:15.282Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd"
        },
        {
          "url": "https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267"
        }
      ],
      "title": "drm/amd: Fix NULL pointer dereference in device cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43369",
    "datePublished": "2026-05-08T14:21:21.174Z",
    "dateReserved": "2026-05-01T14:12:56.005Z",
    "dateUpdated": "2026-05-11T22:23:15.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43369",
      "date": "2026-05-28",
      "epss": "0.00013",
      "percentile": "0.02242"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43369\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-08T15:16:47.960\",\"lastModified\":\"2026-05-15T15:18:29.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd: Fix NULL pointer dereference in device cleanup\\n\\nWhen GPU initialization fails due to an unsupported HW block\\nIP blocks may have a NULL version pointer. During cleanup in\\namdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and\\namdgpu_device_set_cg_state which iterate over all IP blocks and access\\nadev-\u003eip_blocks[i].version without NULL checks, leading to a kernel\\nNULL pointer dereference.\\n\\nAdd NULL checks for adev-\u003eip_blocks[i].version in both\\namdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent\\ndereferencing NULL pointers during GPU teardown when initialization has\\nfailed.\\n\\n(cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.18.16\",\"versionEndExcluding\":\"6.18.19\",\"matchCriteriaId\":\"0CED11FB-4FAA-4224-93EC-23FC2358D4C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19.6\",\"versionEndExcluding\":\"6.19.9\",\"matchCriteriaId\":\"2CFC1CE8-19E1-4AFC-BF52-43BDD2561EE6\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.