VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54199

CVE-2023-54199

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()

Fix the below kernel panic due to null pointer access: [ 18.504431] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 [ 18.513464] Mem abort info: [ 18.516346] ESR = 0x0000000096000005 [ 18.520204] EC = 0x25: DABT (current EL), IL = 32 bits [ 18.525706] SET = 0, FnV = 0 [ 18.528878] EA = 0, S1PTW = 0 [ 18.532117] FSC = 0x05: level 1 translation fault [ 18.537138] Data abort info: [ 18.540110] ISV = 0, ISS = 0x00000005 [ 18.544060] CM = 0, WnR = 0 [ 18.547109] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000112826000 [ 18.553738] [0000000000000048] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 18.562690] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Snip [ 18.696758] Call trace: [ 18.699278] adreno_gpu_cleanup+0x30/0x88 [ 18.703396] a6xx_destroy+0xc0/0x130 [ 18.707066] a6xx_gpu_init+0x308/0x424 [ 18.710921] adreno_bind+0x178/0x288 [ 18.714590] component_bind_all+0xe0/0x214 [ 18.718797] msm_drm_bind+0x1d4/0x614 [ 18.722566] try_to_bring_up_aggregate_device+0x16c/0x1b8 [ 18.728105] __component_add+0xa0/0x158 [ 18.732048] component_add+0x20/0x2c [ 18.735719] adreno_probe+0x40/0xc0 [ 18.739300] platform_probe+0xb4/0xd4 [ 18.743068] really_probe+0xfc/0x284 [ 18.746738] __driver_probe_device+0xc0/0xec [ 18.751129] driver_probe_device+0x48/0x110 [ 18.755421] __device_attach_driver+0xa8/0xd0 [ 18.759900] bus_for_each_drv+0x90/0xdc [ 18.763843] __device_attach+0xfc/0x174 [ 18.767786] device_initial_probe+0x20/0x2c [ 18.772090] bus_probe_device+0x40/0xa0 [ 18.776032] deferred_probe_work_func+0x94/0xd0 [ 18.780686] process_one_work+0x190/0x3d0 [ 18.784805] worker_thread+0x280/0x3d4 [ 18.788659] kthread+0x104/0x1c0 [ 18.791981] ret_from_fork+0x10/0x20 [ 18.795654] Code: f9400408 aa0003f3 aa1f03f4 91142015 (f9402516) [ 18.801913] ---[ end trace 0000000000000000 ]--- [ 18.809039] Kernel panic - not syncing: Oops: Fatal exception

Patchwork: https://patchwork.freedesktop.org/patch/515605/

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Null pointer dereference in Linux kernel's adreno_gpu_cleanup() causes kernel panic during GPU init, patched by adding a NULL check.

Vulnerability

Description A null pointer dereference vulnerability exists in the adreno_gpu_cleanup() function of the Linux kernel's MSM/Adreno DRM driver. The root cause is that the function attempts to access a member of a structure without verifying that the pointer is non-null, leading to a kernel NULL pointer dereference. This is evident from the kernel panic trace showing the crash at adreno_gpu_cleanup+0x30/0x88 [1].

Exploitation

Triggering the vulnerability requires the GPU driver to be initialized, which can occur during system boot or when the DRM subsystem binds the GPU component. An attacker with local access could potentially cause the driver to be loaded or manipulated, leading to the panic. The crash occurs during the a6xx_gpu_init path when adreno_gpu_cleanup is called as part of error cleanup, meaning the vulnerability is exploitable during device initialization failures [2].

Impact

Successful exploitation results in a kernel panic, causing a denial of service (system crash). This can be used by a local attacker to disrupt system availability. No privilege escalation is achieved, but the system becomes unavailable.

Mitigation

The vulnerability has been patched in the Linux kernel. The fix is included in commits [1] and [2], which add a null check before accessing the pointer in adreno_gpu_cleanup(). Users should apply the latest stable kernel updates to remediate the issue.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

6
65a8b6d129cf
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b26bd7791f3c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
399d01375659
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
7af606b9eb11
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
5fef23c1c0ed
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
dbeedbcb268d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.