Main Vulnerability Database SB20260114152

SB20260114152 - NULL pointer dereference in Linux kernel disp dpu1 driver

Published: January 14, 2026

Security Bulletin ID SB20260114152

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-71138)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_encoder_phys_wb_setup_ctl() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/35ea3282136a630a3fd92b76f5a3a02651145ef1
https://git.kernel.org/stable/c/471baae774a30a04cf066907b60eaf3732928cb7
https://git.kernel.org/stable/c/678d1c86566dfbb247ba25482d37fddde6140cc9
https://git.kernel.org/stable/c/88733a0b64872357e5ecd82b7488121503cb9cc6