SB20260626206 - NULL pointer dereference in Linux kernel xe display driver




Published: June 26, 2026

Security Bulletin ID: SB20260626206
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2026-53142)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in the xe display initialization and cleanup logic when handling suspend or shutdown on systems without display hardware present. A local user can trigger suspend or shutdown processing to cause a denial of service.

The issue occurs when display support is probed but display hardware is later determined to be unavailable or disabled at runtime initialization.
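
The pattern described above, as an added userspace model in C that is not code from the xe driver or from the upstream fix: a probe-time flag says display support exists, the runtime state pointer stays NULL on a headless device, and the suspend path must gate on the pointer it dereferences. All struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical userspace model; no name here comes from the xe driver. */
struct display_state { bool suspended; };

struct gpu_dev {
    bool display_probed;            /* set early: display support was probed */
    struct display_state *display;  /* allocated only if hardware is present */
};

/* Runtime init: hardware absent or disabled leaves dev->display NULL. */
static int gpu_display_init(struct gpu_dev *dev, bool hw_present)
{
    dev->display_probed = true;
    dev->display = NULL;
    if (!hw_present)
        return 0;                   /* not an error: headless device */
    dev->display = calloc(1, sizeof(*dev->display));
    return dev->display ? 0 : -1;
}

/* Flawed pattern: trusts the probe-time flag only; crashes when headless. */
static int gpu_suspend_unchecked(struct gpu_dev *dev)
{
    if (!dev->display_probed)
        return 0;
    dev->display->suspended = true; /* NULL dereference if display == NULL */
    return 1;
}

/* Hardened pattern: gate on the state that is actually dereferenced. */
static int gpu_suspend_checked(struct gpu_dev *dev)
{
    if (!dev->display_probed || !dev->display)
        return 0;                   /* nothing to suspend */
    dev->display->suspended = true;
    return 1;
}

int main(void)
{
    struct gpu_dev headless = {0}, full = {0};
    gpu_display_init(&headless, false);
    gpu_display_init(&full, true);
    int rc = gpu_suspend_checked(&headless) + gpu_suspend_unchecked(&full);
    free(full.display);
    return rc == 1 ? 0 : 1;
}
```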


Remediation

Install the update from the vendor's website.