Skip to main content

Linux Kernel CVE-2026-43300

| EUVDEUVD-2026-28570 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 Linux GHSA-vqpv-2jr8-2hmp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 14:07 vuln.today
CVSS changed
May 15, 2026 - 14:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

In jdi_panel_dsi_remove(), jdi is explicitly checked, indicating that it may be NULL:

if (!jdi) mipi_dsi_detach(dsi);

However, when jdi is NULL, the function does not return and continues by calling jdi_panel_disable():

err = jdi_panel_disable(&jdi->base);

Inside jdi_panel_disable(), jdi is dereferenced unconditionally, which can lead to a NULL-pointer dereference:

struct jdi_panel *jdi = to_panel_jdi(panel); backlight_disable(jdi->backlight);

To prevent such a potential NULL-pointer dereference, return early from jdi_panel_dsi_remove() when jdi is NULL.

AnalysisAI

Null-pointer dereference in the Linux kernel DRM panel driver (jdi_panel_dsi_remove function) allows local authenticated attackers to cause a denial of service by triggering device removal when the jdi structure is NULL. The vulnerability exists because the function checks for NULL but fails to return early, allowing subsequent code to dereference the NULL pointer. CVSS score is 5.5 (local attack vector, low complexity); EPSS indicates low exploitation probability (0.02%, 5th percentile), and no public exploit code or active exploitation has been confirmed.

Technical ContextAI

The vulnerability resides in the DRM (Direct Rendering Manager) subsystem's JDI panel driver, specifically in the jdi_panel_dsi_remove() function responsible for safely removing MIPI DSI (Display Serial Interface) panel devices. The root cause is a logic error (CWE-476: Null Pointer Dereference) where a NULL check occurs on the jdi pointer but execution continues without returning, subsequently calling jdi_panel_disable() which unconditionally dereferences jdi->backlight. The affected code path is triggered during device removal or unbinding, a relatively rare event in normal operation. The CPE string indicates all versions of the Linux kernel are affected, with patches released across multiple stable branches (6.12.75, 6.18.16, 6.19.6, and 7.0).

RemediationAI

Upgrade to a patched kernel version: Linux 7.0, 6.19.6, 6.18.16, or 6.12.75 and later. The upstream fix is available via git commits ec2f37bbb733cdd7ed7d04171fca728a532414d5 (6.19.6+), 2f5427d8726b22b807beec248d7d6bf88e291e0b (6.18.16+), 83ce0085fabf757b039322928188ad78e962d609 (6.12.75+), and 95eed73b871111123a8b1d31cb1fce7e902e49ea (7.0+). Distributors should backport the fix (adding an early return in jdi_panel_dsi_remove() when jdi is NULL) to currently supported kernel branches. No workarounds are available short of kernel recompilation, as the vulnerability is in driver initialization code. Systems without JDI MIPI DSI panel hardware are unaffected. Details are available at https://nvd.nist.gov/vuln/detail/CVE-2026-43300.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43300 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy