Skip to main content

Linux Kernel CVE-2026-43320

| EUVDEUVD-2026-28604 MEDIUM
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-53hp-qh67-ggw2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 20:30 vuln.today
CVSS changed
May 15, 2026 - 18:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 15:02 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix dsc eDP issue

[why] Need to add function hook check before use

AnalysisAI

A null pointer dereference in the AMD Display Core driver's DSC (Display Stream Compression) handling for eDP panels causes local system crashes on Linux kernel 6.12 through 7.0-rc5. The vulnerability stems from missing function hook validation before use, allowing local authenticated users with low privileges to trigger a high-severity denial-of-service condition. Patches available across kernel 6.12.75, 6.18.16, 6.19.6, and 7.0 stable branches. EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation activity, and no KEV listing or public POC identified at time of analysis.

Technical ContextAI

The vulnerability resides in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within AMD's Display Core driver (amdgpu) handling Display Stream Compression for embedded DisplayPort (eDP) panels. DSC is a VESA standard compression algorithm used to reduce DisplayPort bandwidth requirements for high-resolution displays. The bug is a classic null pointer dereference caused by failure to validate function pointers before invocation - a common C programming error in driver code where hardware abstraction layers use function pointer tables for device-specific operations. The CPE data shows affected kernel versions span from base commit 1da177e4c3f41 through 7.0-rc5, indicating this code path was introduced in the AMD display driver relatively recently and affects multiple stable kernel series (6.12.x, 6.18.x, 6.19.x) plus the 7.0 release candidate series.

RemediationAI

Upgrade to patched kernel versions: 6.12.75 or later for 6.12.x series, 6.18.16 or later for 6.18.x series, 6.19.6 or later for 6.19.x series, or 7.0 final release for 7.0-rc users. Patches available from kernel.org stable trees at commit IDs 0481be9f12d8324789ccebf1e5fd0704b6e3fc99, 878a4b73c11111ff5f820730f59a7f8c6fd59374, c10fe9471f3aa352bb9d9329d0b25e28e0672243, and 11718976c53a258c4d107aa05d68773379d0006f. For systems where immediate kernel upgrade is not feasible, consider restricting local user access to GPU device nodes via udev rules or disabling the amdgpu kernel module if AMD graphics are not required for system operation (note: this renders GUI unusable on systems dependent on AMD graphics). Alternative compensating control is to blacklist the amdgpu module and use framebuffer console only, though this severely limits desktop functionality and is only practical for headless server environments accidentally running affected kernels. Review https://nvd.nist.gov/vuln/detail/CVE-2026-43320 for vendor advisory updates.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy