Unrated severityNVD Advisory· Published Jun 3, 2026

CVE-2026-46245

Description

Linux kernel's amdgpu driver has a NULL pointer dereference in HPD interrupt setup, potentially leading to system instability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel's amdgpu driver has a NULL pointer dereference in HPD interrupt setup, potentially leading to system instability.

Vulnerability

The Linux kernel's amdgpu driver, specifically in the amdgpu_dm_hpd_init() function within drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c, suffers from a NULL pointer dereference. This occurs when connectors lack a valid dc_link. While a check exists for polling decisions, the code later unconditionally dereferences dc_link when setting up HPD interrupts, even if it is NULL. This affects versions of the kernel where this code path is present prior to the fix.

Exploitation

An attacker would need to trigger a scenario where a connector is present but does not have an associated dc_link during the HPD initialization process. This could potentially be achieved through specific hardware configurations or by manipulating hot-plug events for display connectors. Once the amdgpu_dm_hpd_init() function is called with such a configuration, the NULL pointer dereference will occur.

Impact

The direct impact of this vulnerability is a NULL pointer dereference, which typically leads to a kernel panic or system crash, causing a denial of service. The exact consequences depend on the kernel's error handling and the specific hardware configuration, but it would render the affected system unstable and unusable.

Mitigation

This vulnerability has been fixed in the Linux kernel. The fix involves assigning dc_link early and skipping connectors where it is NULL. The specific commit that resolves this issue is available at [1]. No specific patched version or release date is provided in the available references, but users are advised to update to a kernel version containing this fix. There are no known workarounds other than applying the patch.

References

Making sure you're not a bot!

AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Linux/Kernelllm-fuzzy

Patches

a490e4d3c9fe

drm/amd/display: Fix dc_link NULL handling in HPD init

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitSrinivasan ShanmugamFixed in 6.19.4via kernel-cna

commit

1 file changed · +4 −6

drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c+4 −6 modified

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
index e7b0928bd3db7..5948e2a6219e3 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
@@ -919,16 +919,15 @@ void amdgpu_dm_hpd_init(struct amdgpu_device *adev)
 			continue;
 
 		amdgpu_dm_connector = to_amdgpu_dm_connector(connector);
+		dc_link = amdgpu_dm_connector->dc_link;
+		if (!dc_link)
+			continue;
 
 		/*
 		 * Analog connectors may be hot-plugged unlike other connector
 		 * types that don't support HPD. Only poll analog connectors.
 		 */
-		use_polling |=
-			amdgpu_dm_connector->dc_link &&
-			dc_connector_supports_analog(amdgpu_dm_connector->dc_link->link_id.id);
-
-		dc_link = amdgpu_dm_connector->dc_link;
+		use_polling |= dc_connector_supports_analog(dc_link->link_id.id);
 
 		/*
 		 * Get a base driver irq reference for hpd ints for the lifetime
-- 
cgit 1.3-korg

226a40c06a18

drm/amd/display: Fix dc_link NULL handling in HPD init

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitSrinivasan ShanmugamFixed in 7.0via kernel-cna

commit

1 file changed · +4 −6

drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c+4 −6 modified

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
index e7b0928bd3db7..5948e2a6219e3 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
@@ -919,16 +919,15 @@ void amdgpu_dm_hpd_init(struct amdgpu_device *adev)
 			continue;
 
 		amdgpu_dm_connector = to_amdgpu_dm_connector(connector);
+		dc_link = amdgpu_dm_connector->dc_link;
+		if (!dc_link)
+			continue;
 
 		/*
 		 * Analog connectors may be hot-plugged unlike other connector
 		 * types that don't support HPD. Only poll analog connectors.
 		 */
-		use_polling |=
-			amdgpu_dm_connector->dc_link &&
-			dc_connector_supports_analog(amdgpu_dm_connector->dc_link->link_id.id);
-
-		dc_link = amdgpu_dm_connector->dc_link;
+		use_polling |= dc_connector_supports_analog(dc_link->link_id.id);
 
 		/*
 		 * Get a base driver irq reference for hpd ints for the lifetime
-- 
cgit 1.3-korg

226a40c06a18

drm/amd/display: Fix dc_link NULL handling in HPD init

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitSrinivasan Shanmugamvia nvd-ref

commit

1 file changed · +4 −6

drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c+4 −6 modified

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
index e7b0928bd3db7..5948e2a6219e3 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
@@ -919,16 +919,15 @@ void amdgpu_dm_hpd_init(struct amdgpu_device *adev)
 			continue;
 
 		amdgpu_dm_connector = to_amdgpu_dm_connector(connector);
+		dc_link = amdgpu_dm_connector->dc_link;
+		if (!dc_link)
+			continue;
 
 		/*
 		 * Analog connectors may be hot-plugged unlike other connector
 		 * types that don't support HPD. Only poll analog connectors.
 		 */
-		use_polling |=
-			amdgpu_dm_connector->dc_link &&
-			dc_connector_supports_analog(amdgpu_dm_connector->dc_link->link_id.id);
-
-		dc_link = amdgpu_dm_connector->dc_link;
+		use_polling |= dc_connector_supports_analog(dc_link->link_id.id);
 
 		/*
 		 * Get a base driver irq reference for hpd ints for the lifetime
-- 
cgit 1.3-korg

a490e4d3c9fe

drm/amd/display: Fix dc_link NULL handling in HPD init

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.gitSrinivasan Shanmugamvia nvd-ref

commit

1 file changed · +4 −6

drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c+4 −6 modified

diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
index e7b0928bd3db7..5948e2a6219e3 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c
@@ -919,16 +919,15 @@ void amdgpu_dm_hpd_init(struct amdgpu_device *adev)
 			continue;
 
 		amdgpu_dm_connector = to_amdgpu_dm_connector(connector);
+		dc_link = amdgpu_dm_connector->dc_link;
+		if (!dc_link)
+			continue;
 
 		/*
 		 * Analog connectors may be hot-plugged unlike other connector
 		 * types that don't support HPD. Only poll analog connectors.
 		 */
-		use_polling |=
-			amdgpu_dm_connector->dc_link &&
-			dc_connector_supports_analog(amdgpu_dm_connector->dc_link->link_id.id);
-
-		dc_link = amdgpu_dm_connector->dc_link;
+		use_polling |= dc_connector_supports_analog(dc_link->link_id.id);
 
 		/*
 		 * Get a base driver irq reference for hpd ints for the lifetime
-- 
cgit 1.3-korg

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000