Bug 2494092 (CVE-2026-53325) - CVE-2026-53325 kernel: agp/amd64: Fix broken error propagation in agp_amd64_probe()
Summary: CVE-2026-53325 kernel: agp/amd64: Fix broken error propagation in agp_amd64_p...
Keywords:
Status: NEW
Alias: CVE-2026-53325
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-29 06:02 UTC by OSIDB Bzimport
Modified: 2026-06-29 07:42 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-29 06:02:00 UTC
In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agp_amd64_probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when
running in a virtualized environment (e.g. qemu/kvm) without a physical
AMD northbridge. The crash occurs in amd64_fetch_size() when attempting
to dereference the pointer returned by node_to_amd_nb(0).

The root cause of this crash is broken error propagation in
agp_amd64_probe(): When no AMD northbridges are found, cache_nbs()
correctly returns -ENODEV. However, the probe function erroneously
checks the return value against exactly -1, rather than < 0.

As a result, the hardware absence error is masked, allowing the driver
to improperly proceed with initialization. It eventually calls
agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware
does not exist, node_to_amd_nb(0) returns NULL, leading to a General
Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agp_amd64_probe() to
abort properly when cache_nbs() returns any negative error code. This
prevents the driver from erroneously proceeding without hardware, thereby
avoiding the subsequent NULL pointer dereference at its source.

Comment 1 Mauro Matteo Cascella 2026-06-29 07:39:49 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062926-CVE-2026-53325-b162@gregkh/T


Note You need to log in before you can comment on or make changes to this bug.