CVE-2026-53325

In the Linux kernel, the following vulnerability has been resolved:

agp/amd64: Fix broken error propagation in agp amd64 probe()

A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment (e.g. qemu/kvm) without a physical AMD northbridge. The crash occurs in amd64 fetch size() when attempting to dereference the pointer returned by node to amd nb(0).

The root cause of this crash is broken error propagation in agp amd64 probe(): When no AMD northbridges are found, cache nbs() correctly returns -ENODEV. However, the probe function erroneously checks the return value against exactly -1, rather than < 0.

As a result, the hardware absence error is masked, allowing the driver to improperly proceed with initialization. It eventually calls agp add bridge(), which invokes amd64 fetch size(). Since the hardware does not exist, node to amd nb(0) returns NULL, leading to a General Protection Fault (GPF) when accessing its ->misc member.

Fix the issue by correcting the error check in agp amd64 probe() to abort properly when cache nbs() returns any negative error code. This prevents the driver from erroneously proceeding without hardware, thereby avoiding the subsequent NULL pointer dereference at its source.