Skip to main content

Linux Kernel CVE-2026-43337

| EUVDEUVD-2026-28621 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-5cr7-8523-mgr2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 22:30 vuln.today
CVSS changed
May 15, 2026 - 20:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 15:02 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()

dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition:

((!fams2_enable && update_bw_bounding_box) || freq_changed)

does not guarantee this, as the freq_changed branch can evaluate to true independently of the callback pointer.

This can result in calling update_bw_bounding_box() when it is NULL.

Fix this by separating the update condition from the pointer checks and ensuring the callback, dc->clk_mgr, and bw_params are validated before use.

Fixes the below: ../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362)

(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)

AnalysisAI

NULL pointer dereference in the Linux kernel's AMD display driver (DRM subsystem) allows local authenticated users to crash the system via dcn401_init_hw() function. Affects kernel 6.12 through 7.0-rc6, specifically the DCN 4.01 hardware sequencer in amdgpu driver. Vendor patches available for stable branches (6.18.22, 6.19.12, 7.0). EPSS exploitation probability is very low (0.02%, 4th percentile), indicating minimal real-world threat despite moderate CVSS score. Not listed in CISA KEV, and no public exploit code identified at time of analysis.

Technical ContextAI

This vulnerability exists in the Direct Rendering Manager (DRM) subsystem of the Linux kernel, specifically in the AMD display driver's DCN (Display Core Next) 4.01 hardware initialization code. The root cause is CWE-476 (NULL Pointer Dereference) in the dcn401_init_hw() function within dc/hwss/dcn401/dcn401_hwseq.c. The function contains a logical flaw where the condition ((!fams2_enable && update_bw_bounding_box) || freq_changed) can evaluate to true via the freq_changed branch without validating that the update_bw_bounding_box callback pointer is non-NULL. When freq_changed is true but the function pointer is NULL, the code attempts to dereference it, causing a kernel panic. The affected code path involves the display clock manager (dc->clk_mgr) and bandwidth parameters (bw_params) during hardware initialization. This impacts systems with AMD GPUs using the DCN 4.01 display controller, introduced in recent kernel versions. The CPE data indicates vulnerability spans from kernel 6.12 through release candidates of 7.0, with the faulty code introduced in commit ca0fb243c3bb53dbbd71d16c76f319bf923ee3d4.

RemediationAI

Upgrade to patched Linux kernel versions: 6.18.22 or later in the 6.18 stable series, 6.19.12 or later in the 6.19 stable series, or 7.0 final release. Patches are available from the official kernel git repository at the URLs provided in NVD references (commits 2d4a6f0702c5, e927b36ae18b, and 10c13c111d0d). For systems unable to immediately upgrade, consider temporarily disabling AMD display driver automatic hardware initialization if feasible, though this will impact graphics functionality and is not practical for most workloads. Another compensating control is restricting local user access to trusted accounts only, as the vulnerability requires authenticated local access (PR:L). However, this provides limited protection since most systems have multiple local users. No effective workaround exists that maintains full system functionality - kernel upgrade is the only complete remediation. Monitor kernel security mailing lists and distribution security advisories for backports to specific enterprise kernel versions.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy