CVE-2026-53325 (GCVE-0-2026-53325)

Vulnerability from cvelistv5 – Published: 2026-06-29 04:53 – Updated: 2026-06-29 04:53
VLAI
Title
agp/amd64: Fix broken error propagation in agp_amd64_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64_fetch_size() when attempting to dereference the pointer returned by node_to_amd_nb(0). The root cause of this crash is broken error propagation in agp_amd64_probe(): When no AMD northbridges are found, cache_nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0. As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware does not exist, node_to_amd_nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member. Fix the issue by correcting the error check in agp_amd64_probe() to abort properly when cache_nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.
Severity
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 53483a9f4ee9eeb18aa866ec16cce79e136987e1 (git)
Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 0aa9b27c454c53074cde592eaceb442d30341585 (git)
Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < cefe535a60a2e00e09f4b2689b0c8ffc6912459a (git)
Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < b08472db93b1ccff84a7adec5779d47f0e9d3a30 (git)
Create a notification for this product.
Linux Linux Affected: 2.6.18
Unaffected: 0 , < 2.6.18 (semver)
Unaffected: 6.18.37 , ≤ 6.18.* (semver)
Unaffected: 7.0.14 , ≤ 7.0.* (semver)
Unaffected: 7.1.2 , ≤ 7.1.* (semver)
Unaffected: 7.2-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/agp/amd64-agp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "53483a9f4ee9eeb18aa866ec16cce79e136987e1",
              "status": "affected",
              "version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
              "versionType": "git"
            },
            {
              "lessThan": "0aa9b27c454c53074cde592eaceb442d30341585",
              "status": "affected",
              "version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
              "versionType": "git"
            },
            {
              "lessThan": "cefe535a60a2e00e09f4b2689b0c8ffc6912459a",
              "status": "affected",
              "version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
              "versionType": "git"
            },
            {
              "lessThan": "b08472db93b1ccff84a7adec5779d47f0e9d3a30",
              "status": "affected",
              "version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/agp/amd64-agp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.18"
            },
            {
              "lessThan": "2.6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.*",
              "status": "unaffected",
              "version": "7.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.2-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.37",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.14",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1.2",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.2-rc1",
                  "versionStartIncluding": "2.6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nagp/amd64: Fix broken error propagation in agp_amd64_probe()\n\nA NULL pointer dereference was observed in the AMD64 AGP driver when\nrunning in a virtualized environment (e.g. qemu/kvm) without a physical\nAMD northbridge. The crash occurs in amd64_fetch_size() when attempting\nto dereference the pointer returned by node_to_amd_nb(0).\n\nThe root cause of this crash is broken error propagation in\nagp_amd64_probe(): When no AMD northbridges are found, cache_nbs()\ncorrectly returns -ENODEV. However, the probe function erroneously\nchecks the return value against exactly -1, rather than \u003c 0.\n\nAs a result, the hardware absence error is masked, allowing the driver\nto improperly proceed with initialization. It eventually calls\nagp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware\ndoes not exist, node_to_amd_nb(0) returns NULL, leading to a General\nProtection Fault (GPF) when accessing its -\u003emisc member.\n\nFix the issue by correcting the error check in agp_amd64_probe() to\nabort properly when cache_nbs() returns any negative error code. This\nprevents the driver from erroneously proceeding without hardware, thereby\navoiding the subsequent NULL pointer dereference at its source."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T04:53:35.833Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/53483a9f4ee9eeb18aa866ec16cce79e136987e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/0aa9b27c454c53074cde592eaceb442d30341585"
        },
        {
          "url": "https://git.kernel.org/stable/c/cefe535a60a2e00e09f4b2689b0c8ffc6912459a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b08472db93b1ccff84a7adec5779d47f0e9d3a30"
        }
      ],
      "title": "agp/amd64: Fix broken error propagation in agp_amd64_probe()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53325",
    "datePublished": "2026-06-29T04:53:35.833Z",
    "dateReserved": "2026-06-09T07:44:35.398Z",
    "dateUpdated": "2026-06-29T04:53:35.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53325",
      "date": "2026-07-03",
      "epss": "0.00175",
      "percentile": "0.07179"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53325\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-29T06:16:33.167\",\"lastModified\":\"2026-06-30T14:44:27.313\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nagp/amd64: Fix broken error propagation in agp_amd64_probe()\\n\\nA NULL pointer dereference was observed in the AMD64 AGP driver when\\nrunning in a virtualized environment (e.g. qemu/kvm) without a physical\\nAMD northbridge. The crash occurs in amd64_fetch_size() when attempting\\nto dereference the pointer returned by node_to_amd_nb(0).\\n\\nThe root cause of this crash is broken error propagation in\\nagp_amd64_probe(): When no AMD northbridges are found, cache_nbs()\\ncorrectly returns -ENODEV. However, the probe function erroneously\\nchecks the return value against exactly -1, rather than \u003c 0.\\n\\nAs a result, the hardware absence error is masked, allowing the driver\\nto improperly proceed with initialization. It eventually calls\\nagp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware\\ndoes not exist, node_to_amd_nb(0) returns NULL, leading to a General\\nProtection Fault (GPF) when accessing its -\u003emisc member.\\n\\nFix the issue by correcting the error check in agp_amd64_probe() to\\nabort properly when cache_nbs() returns any negative error code. This\\nprevents the driver from erroneously proceeding without hardware, thereby\\navoiding the subsequent NULL pointer dereference at its source.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/char/agp/amd64-agp.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"a32073bffc656ca4bde6002b6cf7c1a8e0e22712\",\"lessThan\":\"53483a9f4ee9eeb18aa866ec16cce79e136987e1\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a32073bffc656ca4bde6002b6cf7c1a8e0e22712\",\"lessThan\":\"0aa9b27c454c53074cde592eaceb442d30341585\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a32073bffc656ca4bde6002b6cf7c1a8e0e22712\",\"lessThan\":\"cefe535a60a2e00e09f4b2689b0c8ffc6912459a\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a32073bffc656ca4bde6002b6cf7c1a8e0e22712\",\"lessThan\":\"b08472db93b1ccff84a7adec5779d47f0e9d3a30\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/char/agp/amd64-agp.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.18\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.18\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.37\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.14\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1.2\",\"lessThanOrEqual\":\"7.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.2-rc1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0aa9b27c454c53074cde592eaceb442d30341585\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/53483a9f4ee9eeb18aa866ec16cce79e136987e1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b08472db93b1ccff84a7adec5779d47f0e9d3a30\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cefe535a60a2e00e09f4b2689b0c8ffc6912459a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…