Skip to main content

Linux Kernel nouveau CVE-2026-43381

| EUVDEUVD-2026-28687 MEDIUM
2026-05-08 Linux GHSA-gwm9-34wj-g7pc
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 12:41 vuln.today
CVSS changed
May 26, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nouveau/dpcd: return EBUSY for aux xfer if the device is asleep

If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code.

WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024 RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]

This is a simple fix to get backported. We should probably engineer a proper power domain solution to wake up devices and keep them awake while fw updates are happening.

AnalysisAI

Kernel crash (local denial of service) in the Linux nouveau NVIDIA GPU driver allows a local authenticated user to trigger a kernel WARNING and system instability by accessing the DisplayPort AUX channel (/dev/drm_dp_*) while the GPU is in runtime-suspended state. The driver fails to check device power state before invoking the GSP (GPU System Processor) firmware communication path, causing an unhandled condition in r535_gsp_msgq_wait. No public exploit exists and the EPSS score is 0.02% (7th percentile), but the vulnerability is notable in environments where fwupd or similar firmware tools interact with DP AUX interfaces on systems using the nouveau driver with runtime power management enabled.

Technical ContextAI

The affected component is the nouveau open-source NVIDIA GPU kernel driver, specifically the DPCD (DisplayPort Configuration Data) AUX transfer subsystem. When the GPU is runtime-suspended via Linux's runtime power management (CONFIG_PM), the driver's GSP firmware messaging infrastructure (r535_gsp_msgq_wait in drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c) is not in a usable state. Userspace access to /dev/drm_dp_* (DisplayPort AUX character devices, used by tools like fwupd for firmware updates) can reach this code path without the driver first verifying that the device is powered on, leading to a kernel WARNING at line 164 of rpc.c. No CWE is formally assigned, but the root cause class is improper state validation - specifically, missing a device-awake check (analogous to CWE-754: Improper Check for Unusual or Exceptional Conditions) before entering firmware communication logic. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* covers the Linux kernel broadly; affected versions trace back to the commit that introduced this code path (8894f4919bc43f821775db2cfff4b917871b2102).

RemediationAI

The vendor-released patch is available across all affected stable branches. Upgrade to: Linux 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, or 7.0 - whichever corresponds to the installed kernel series. Upstream fix commits are available at https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf, https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69, https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c, https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360, https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01, https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3, https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5, and https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4. As a compensating control prior to patching, disabling runtime power management for the nouveau GPU (e.g., via kernel parameter nouveau.runpm=0) will prevent the GPU from entering the suspended state that triggers the bug, at the cost of increased power consumption. Alternatively, restricting access to /dev/drm_dp_* devices via udev rules or group permissions will block unprivileged userspace - including fwupd - from reaching the AUX transfer path, though this may break legitimate firmware update workflows.

More in Lenovo

View all
CVE-2012-1195 HIGH POC
7.5 Feb 18

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup

CVE-2012-1196 MEDIUM POC
5.0 Feb 18

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagemen

CVE-2015-2219 HIGH POC
7.2 May 12

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo

CVE-2018-14066 CRITICAL POC
9.8 Jul 15

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phone

CVE-2026-58583 HIGH POC
8.4 Jul 07

Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys ve

CVE-2017-7293 HIGH POC
7.8 Apr 26

The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to

CVE-2015-6971 HIGH POC
7.8 Oct 03

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the

CVE-2015-8110 HIGH POC
7.8 Apr 24

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by nav

CVE-2021-3633 HIGH POC
7.8 Aug 17

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow

CVE-2022-0354 HIGH POC
7.3 Apr 22

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ab

CVE-2015-8109 HIGH POC
7.0 Apr 24

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by mak

CVE-2017-3761 CRITICAL
9.8 Oct 17

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external i

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43381 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy