SB20260507230 - NULL pointer dereference in Linux kernel amd amdgpu driver




Published: May 7, 2026

Security Bulletin ID: SB20260507230
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2025-71293)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in amdgpu_ras_sysfs_badpages_read when the badpages sysfs entry is read while the EEPROM data contains only invalid address entries. A local user can read the affected sysfs entry to cause a denial of service.

The issue occurs in the rare case where allocation is skipped because the EEPROM contains only invalid address entries. The same case can also result in the space-left value being assigned a negative value.
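
A simplified user-space C model of the condition described above, added here as an illustration; it is not code from the amdgpu driver or from the vendor's patch. All names (badpage_store, store_load, read_unguarded, read_guarded), the lazy allocation and the space-left accounting are assumptions chosen to mirror the bulletin's wording.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model, NOT amdgpu source: all names, the lazy allocation and the
 * space accounting are assumptions made to illustrate the bulletin's text. */
#define CAPACITY     8            /* constructed table capacity */
#define ADDR_INVALID UINT64_MAX   /* constructed marker for an invalid entry */

struct badpage_store {
    uint64_t *pages;   /* NULL until the first valid entry is stored */
    int reported;      /* record count reported by the EEPROM image */
    int stored;        /* valid entries copied into pages */
    int space_left;    /* free slots; must never go negative */
};

/* Allocates only on the first valid entry: an all-invalid image leaves
 * pages == NULL while reported > 0. */
int store_load(struct badpage_store *s, const uint64_t *img, int n)
{
    s->pages = NULL; s->reported = n; s->stored = 0;
    for (int i = 0; i < n && s->stored < CAPACITY; i++) {
        if (img[i] == ADDR_INVALID)
            continue;
        if (!s->pages && !(s->pages = calloc(CAPACITY, sizeof(*s->pages))))
            return -1;
        s->pages[s->stored++] = img[i];
    }
    s->space_left = CAPACITY - s->stored; /* CAPACITY - reported could be < 0 */
    return 0;
}

/* Unguarded: trusts reported and dereferences pages, which is NULL for an
 * all-invalid image. Shown for contrast only. */
int read_unguarded(const struct badpage_store *s, uint64_t *out, int max)
{
    int n = s->reported < max ? s->reported : max;
    for (int i = 0; i < n; i++)
        out[i] = s->pages[i];
    return n;
}

/* Guarded: checks the pointer and bounds the copy by stored entries. */
int read_guarded(const struct badpage_store *s, uint64_t *out, int max)
{
    if (!s->pages || s->stored <= 0)
        return 0;
    int n = s->stored < max ? s->stored : max;
    for (int i = 0; i < n; i++)
        out[i] = s->pages[i];
    return n;
}
```

In this model the guarded reader returns zero records for an image holding only invalid entries, and space_left stays within 0..CAPACITY because it is derived from the stored count rather than the reported one.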


Remediation

Install the update from the vendor's website.