CVE-2026-43369

Source
https://cve.org/CVERecord?id=CVE-2026-43369
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43369.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43369
Downstream
Published
2026-05-08T14:21:21.174Z
Modified
2026-07-08T08:13:30.421570636Z
Summary
drm/amd: Fix NULL pointer dereference in device cleanup
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd: Fix NULL pointer dereference in device cleanup

When GPU initialization fails due to an unsupported HW block IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code calls amdgpudevicesetpgstate and amdgpudevicesetcgstate which iterate over all IP blocks and access adev->ipblocks[i].version without NULL checks, leading to a kernel NULL pointer dereference.

Add NULL checks for adev->ipblocks[i].version in both amdgpudevicesetcgstate and amdgpudevicesetpg_state to prevent dereferencing NULL pointers during GPU teardown when initialization has failed.

(cherry picked from commit b7ac77468cda92eecae560b05f62f997a12fe2f2)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43369.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fc58ef30e0a1524ce72a8e873d773ba3b0830c7d
Fixed
43025c941aced9a9009f9ff20eea4eb78c61deb8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6d7ac4a0ebb6b7bc885274aa8b2bd9971f07013c
Fixed
767cd24d3c4ae847688877def4891943f6611ecd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
39fc2bc4da0082c226cbee331f0a5d44db3997da
Fixed
062ea905fff7756b2e87143ffccaece5cdb44267

Affected versions

v6.*
v6.18.16
v6.18.17
v6.18.18
v6.19.6
v6.19.7
v6.19.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43369.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.16
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.6
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43369.json"