Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpu_device_fini_hw, the code calls amdgpu_device_set_pg_state and amdgpu_device_set_cg_state which iterate over all IP blocks and access adev->ip_blocks[i].version without NULL checks, leading to a kernel NULL pointer dereference. Add NULL checks for adev->ip_blocks[i].version in both amdgpu_device_set_cg_state and amdgpu_device_set_pg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed. (cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.18.16, < 6.18.19 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/062ea905fff7756b2e87143ffccaece5cdb44267Patch
- https://git.kernel.org/stable/c/43025c941aced9a9009f9ff20eea4eb78c61deb8Patch
- https://git.kernel.org/stable/c/767cd24d3c4ae847688877def4891943f6611ecdPatch
FAQ
What is CVE-2026-43369?
CVE-2026-43369 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks may...
How severe is CVE-2026-43369?
CVE-2026-43369 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-43369?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.