NULL pointer dereference in Linux kernel - CVE-2025-71293
Published: May 7, 2026
Vulnerability identifier: #VU130623
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-71293
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in amdgpu_ras_sysfs_badpages_read when reading the badpages sysfs entry with eeprom data containing only invalid address entries. A local user can read the affected sysfs entry to cause a denial of service.
The issue occurs in the rare case where allocation is skipped because the eeprom contains only invalid address entries, and it can also result in space left assigned to negative values.
How to mitigate CVE-2025-71293
Install security update from vendor's repository.