Skip to main content

Linux Kernel EUVDEUVD-2026-28575

| CVE-2026-43305 MEDIUM
Improper Locking (CWE-667)
2026-05-08 Linux GHSA-99gr-cw2x-89qp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 15, 2026 - 13:37 vuln.today
CVSS changed
May 15, 2026 - 13:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

[Why] The evaluation for whether we need to use the DMUB HW lock isn't the same as whether we need to unlock which results in a hang when the fast path is used for ASIC without FAMS support.

[How] Store a flag that indicates whether we should use the lock and use that same flag to specify whether unlocking is needed.

AnalysisAI

Denial of service via system hang in Linux kernel's AMD display driver occurs when the DMUB hardware lock evaluation mismatches between lock acquisition and release in the HWSS fast path, affecting ASIC variants without FAMS support. Local authenticated attackers can trigger this condition through display operations, causing a hang with high availability impact. Patch available in stable releases 6.19.6 and 7.0; EPSS score of 0.02% indicates low real-world exploitation probability despite KEV status.

Technical ContextAI

The vulnerability resides in the AMD Display (DRM/amd/display) subsystem of the Linux kernel, specifically in the Hardware Sequencer (HWSS) fast path handling of DMUB (Display Microcontroller Unit) hardware locking. The DMUB is a microcontroller that manages display operations on AMD GPUs. The root cause is a logic mismatch in CWE-667 (Improper Locking) where the condition to acquire the DMUB HW lock differs from the condition to release it. This occurs in ASIC designs that lack FAMS (Fully Automated Memory Switching) support, where the fast path optimization path does not properly synchronize lock state. The fix introduces a stored flag to ensure consistent lock/unlock semantics across the code path.

RemediationAI

Apply kernel security update to version 6.19.6 (6.x stable series) or 7.0 (7.x stable series) via standard package management (apt, yum, etc.) or direct kernel compilation from upstream git repository using commits 4e387ad67efb100b645630ffbce7716786f52283 or af3303970da5ce5bfe6dffdd07f38f42aad603e0. For distributions not yet providing patched packages, compile a custom kernel from the stable repository at git.kernel.org/stable using the referenced commit hashes. No workarounds are available short of disabling the HWSS fast path optimization or avoiding display driver operations that trigger the condition; such workarounds carry significant performance cost for AMD graphics operations. Verify patch application by checking kernel version post-reboot and confirming the fix commit is present in dmesg or git log.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy