SB20260507230 - NULL pointer dereference in Linux kernel amd amdgpu driver
Published: May 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-71293)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in amdgpu_ras_sysfs_badpages_read when reading the badpages sysfs entry with eeprom data containing only invalid address entries. A local user can read the affected sysfs entry to cause a denial of service.
The issue occurs in the rare case where allocation is skipped because the eeprom contains only invalid address entries, and it can also result in space left assigned to negative values.
Remediation
Install update from vendor's website.