Vulnerabilities ›

CVE-2026-43131

Medium

CWE-476 — Weakness Type

                    Published: May 6, 2026                      ·  Modified: May 9, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Fix null pointer dereference issue

If SMU is disabled, during RAS initialization,
there will be null pointer dereference issue here.

🤖 AI Executive Summary

A null pointer dereference vulnerability exists in AMD's Power Management (PM) module when SMU (System Management Unit) is disabled during RAS initialization. This could cause kernel crashes or system instability on affected Linux systems.

📄 Description (Arabic)

تحتوي وحدة إدارة الطاقة في AMD على ثغرة إلغاء مؤشر فارغ تحدث عندما تكون وحدة إدارة النظام معطلة أثناء تهيئة نظام كشف الأخطاء والإصلاح. قد يؤدي هذا إلى توقف النواة أو عدم استقرار النظام على الأنظمة المتأثرة.

🤖 ملخص تنفيذي (AI)

A null pointer dereference vulnerability exists in AMD's Power Management module when SMU is disabled during RAS initialization. This could cause kernel crashes or system instability on affected Linux systems.

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 01:26

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

energy government banking

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update the Linux kernel to the latest patched version that includes the fix for the AMD PM null pointer dereference issue. Ensure SMU initialization is properly validated before RAS initialization begins.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة لينكس إلى أحدث إصدار مصحح يتضمن إصلاح مشكلة إلغاء المؤشر الفارغ في وحدة إدارة الطاقة AMD. تأكد من التحقق الصحيح من تهيئة SMU قبل بدء تهيئة RAS.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.BE-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 2

🔗

https://git.kernel.org/stable/c/1197366cca89a4c44c541ddedb8ce8bf0757993d

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/8e035505fa0e5b7c4306fd3f4e27f8e8f5bfad8c

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 1 entries

linux:linux_kernel

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-476

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-05-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

patch-available CWE-476

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-43131

Introduce Yourself

Sign In Required