CVE-2026-53325

Source
https://cve.org/CVERecord?id=CVE-2026-53325
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53325.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53325
Downstream
Related
Published
2026-06-29T04:53:35.833Z
Modified
2026-07-15T01:49:04.998394054Z
Summary
agp/amd64: Fix broken error propagation in agp_amd64_probe()
Details

In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agpamd64probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64fetchsize() when attempting to dereference the pointer returned by nodetoamd_nb(0).

The root cause of this crash is broken error propagation in agpamd64probe(): When no AMD northbridges are found, cache_nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0.

As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agpaddbridge(), which invokes amd64fetchsize(). Since the hardware does not exist, nodetoamd_nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agpamd64probe() to abort properly when cache_nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53325.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a32073bffc656ca4bde6002b6cf7c1a8e0e22712
Fixed
ce800993af477fc24187349c6a20d3073140b759
Fixed
1d7d45050e14083c1de1460c93f4063c1f0bca7b
Fixed
3e844a63668d1c3d10a9d347d7ebf161b2f91c84
Fixed
eb045714bc6a2bbb0befb7a31b996a196e188869
Fixed
564b3b3f6565313eb6fa5355ffd037d6fb27897f
Fixed
53483a9f4ee9eeb18aa866ec16cce79e136987e1
Fixed
0aa9b27c454c53074cde592eaceb442d30341585
Fixed
cefe535a60a2e00e09f4b2689b0c8ffc6912459a
Fixed
b08472db93b1ccff84a7adec5779d47f0e9d3a30

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53325.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.18
Fixed
5.10.260
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.211
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.177
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.144
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.95
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.37
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.14
Type
ECOSYSTEM
Events
Introduced
7.1.0
Fixed
7.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53325.json"