What is CVE-2026-53325?

CVE-2026-53325 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.18 onward and patched in 6.18.37, 7.0.14, 7.1.2 and others. CVE-2026-53325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53325?

CVE-2026-53325 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53325?

Yes, CVE-2026-53325 has been patched. Fixed versions include 6.18.37, 7.0.14, 7.1.2 and others. If you are running Linux kernel 2.6.18 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-53325 actively exploited?

CVE-2026-53325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53325

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64_fetch_size() when attempting to dereference the pointer returned by node_to_amd_nb(0). The root cause of this crash is broken error propagation in agp_amd64_probe(): When no AMD northbridges are found, cache_nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0. As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware does not exist, node_to_amd_nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member. Fix the issue by correcting the error check in agp_amd64_probe() to abort properly when cache_nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.

Package Linux Kernel

Published 2026-06-29

Last modified 2026-06-29

Patch available

Yes

Affected versions

Linux kernel versions 2.6.18 and later are affected. Fixed in 6.18.37, 7.0.14, 7.1.2, 7.2-rc1 and their respective stable series.

Affected from

≥ 2.6.18

Fixed in

✓ 6.18.37 6.18.x ✓ 7.0.14 7.0.x ✓ 7.1.2 7.1.x ✓ 7.2-rc1

References

4 total

Frequently asked questions

What is CVE-2026-53325?

CVE-2026-53325 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.18 onward and has been patched in 6.18.37, 7.0.14, 7.1.2 and others. CVE-2026-53325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-53325?

Yes — CVE-2026-53325 has been patched. Fixed versions include 6.18.37, 7.0.14, 7.1.2 and others. If you are running Linux kernel 2.6.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-53325 actively exploited?

No — CVE-2026-53325 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.