5.5

CVE-2026-53325

agp/amd64: Fix broken error propagation in agp_amd64_probe()

In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agp_amd64_probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when
running in a virtualized environment (e.g. qemu/kvm) without a physical
AMD northbridge. The crash occurs in amd64_fetch_size() when attempting
to dereference the pointer returned by node_to_amd_nb(0).

The root cause of this crash is broken error propagation in
agp_amd64_probe(): When no AMD northbridges are found, cache_nbs()
correctly returns -ENODEV. However, the probe function erroneously
checks the return value against exactly -1, rather than < 0.

As a result, the hardware absence error is masked, allowing the driver
to improperly proceed with initialization. It eventually calls
agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware
does not exist, node_to_amd_nb(0) returns NULL, leading to a General
Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agp_amd64_probe() to
abort properly when cache_nbs() returns any negative error code. This
prevents the driver from erroneously proceeding without hardware, thereby
avoiding the subsequent NULL pointer dereference at its source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.18 < 5.10.260
LinuxLinux Kernel Version >= 5.11 < 5.15.211
LinuxLinux Kernel Version >= 5.16 < 6.1.177
LinuxLinux Kernel Version >= 6.2 < 6.6.144
LinuxLinux Kernel Version >= 6.7 < 6.12.95
LinuxLinux Kernel Version >= 6.13 < 6.18.37
LinuxLinux Kernel Version >= 6.19 < 7.0.14
LinuxLinux Kernel Version >= 7.1 < 7.1.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/53483a9f4ee9eeb18aa866ec16cce79e136987e1
Patch
https://git.kernel.org/stable/c/0aa9b27c454c53074cde592eaceb442d30341585
Patch
https://git.kernel.org/stable/c/cefe535a60a2e00e09f4b2689b0c8ffc6912459a
Patch
https://git.kernel.org/stable/c/b08472db93b1ccff84a7adec5779d47f0e9d3a30
Patch
https://git.kernel.org/stable/c/1d7d45050e14083c1de1460c93f4063c1f0bca7b
Patch
https://git.kernel.org/stable/c/3e844a63668d1c3d10a9d347d7ebf161b2f91c84
Patch
https://git.kernel.org/stable/c/564b3b3f6565313eb6fa5355ffd037d6fb27897f
Patch
https://git.kernel.org/stable/c/ce800993af477fc24187349c6a20d3073140b759
Patch
https://git.kernel.org/stable/c/eb045714bc6a2bbb0befb7a31b996a196e188869
Patch