CVE-2026-43369 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd: Fix NULL pointer dereference in device cleanup

When GPU initialization fails due to an unsupported HW block
IP blocks may have a NULL version pointer. During cleanup in
amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and
amdgpu_device_set_cg_state which iterate over all IP blocks and access
adev->ip_blocks[i].version without NULL checks, leading to a kernel
NULL pointer dereference.

Add NULL checks for adev->ip_blocks[i].version in both
amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent
dereferencing NULL pointers during GPU teardown when initialization has
failed.

(cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fc58ef30e0a1524ce72a8e873d773ba3b0830c7d`	affected	< 43025c941aced9a9009f9ff20eea4eb78c61deb8
`6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c`	affected	< 767cd24d3c4ae847688877def4891943f6611ecd
`39fc2bc4da0082c226cbee331f0a5d44db3997da`	affected	< 062ea905fff7756b2e87143ffccaece5cdb44267

Linux

unaffected

Version	Status	Constraints
`6.18.16`	affected	< 6.18.19
`6.19.6`	affected	< 6.19.9

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267
https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8
https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd

History

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and amdgpu_device_set_cg_state which iterate over all IP blocks and access adev->ip_blocks[i].version without NULL checks, leading to a kernel NULL pointer dereference. Add NULL checks for adev->ip_blocks[i].version in both amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed. (cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)
Title		drm/amd: Fix NULL pointer dereference in device cleanup
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267 https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8 https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecd

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:21.174Z

Updated: 2026-05-08T14:21:21.174Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43369

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:47.960

Modified: 2026-05-08T15:16:47.960

Link: CVE-2026-43369

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T17:30:13Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object