CVEFinder.io

CVE-2026-53325

🔶 medium
🔍 Scan for this CVE
Summary

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64_fetch_size() when attempting to dereference the pointer returned by node_to_amd_nb(0). The root cause of this crash is broken error propagation in agp_amd64_probe(): When no AMD northb

Description

In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agp_amd64_probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when
running in a virtualized environment (e.g. qemu/kvm) without a physical
AMD northbridge. The crash occurs in amd64_fetch_size() when attempting
to dereference the pointer returned by node_to_amd_nb(0).

The root cause of this crash is broken error propagation in
agp_amd64_probe(): When no AMD northbridges are found, cache_nbs()
correctly returns -ENODEV. However, the probe function erroneously
checks the return value against exactly -1, rather than < 0.

As a result, the hardware absence error is masked, allowing the driver
to improperly proceed with initialization. It eventually calls
agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware
does not exist, node_to_amd_nb(0) returns NULL, leading to a General
Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agp_amd64_probe() to
abort properly when cache_nbs() returns any negative error code. This
prevents the driver from erroneously proceeding without hardware, thereby
avoiding the subsequent NULL pointer dereference at its source.

CVSS Score
5.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-06-29
First Seen: 2026-06-30
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.4% of all 335,187 vulnerabilities in our database.

#226,526
Below average severity
Severity Percentile
Last Modified 2026-07-06
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)

📦 Affected Products 8

🔗 References 9

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-53324 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory nam... 2026-06-26
CVE-2026-53323 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from c... 2026-06-26
CVE-2026-53322 ⚠️ high 8.8 0.2 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling functio... 2026-06-26
CVE-2026-53321 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently ... 2026-06-26
CVE-2026-53320 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark... 2026-06-26
CVE-2026-53319 🔶 medium 5.5 0.1 In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_d... 2026-06-26
These CVEs affect the same products