Skip to main content

Linux Kernel EUVDEUVD-2026-30021

| CVE-2026-43485 MEDIUM
2026-05-13 Linux GHSA-qq4f-4h8j-r3ph
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local low-privilege access suffices to trigger nouveau ACPI WARN_ON via normal GPU use; availability is high under panic_on_warn=1; no confidentiality or integrity impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 26, 2026 - 21:56 vuln.today
CVSS changed
Jun 26, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 13, 2026 - 16:33 EUVD
CVE Published
May 13, 2026 - 15:08 nvd
MEDIUM 5.5
CVE Published
May 13, 2026 - 15:08 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

nouveau/gsp: drop WARN_ON in ACPI probes

These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless.

AnalysisAI

Spurious WARN_ON assertions in the Linux kernel's nouveau/gsp ACPI probe routines trigger frequently during normal NVIDIA GPU initialization, creating an availability risk on affected systems. On kernels configured with panic_on_warn=1, each triggered WARN_ON escalates to a full kernel panic, while on default configurations it produces excessive kernel log noise that degrades observability. Affected kernel versions range from the introduction of commit 176fdcbddfd2 through stable branches fixed in 6.18.19, 6.19.9, and 7.0; no active exploitation is identified (EPSS 0.02%, not in CISA KEV).

Technical ContextAI

The vulnerable code resides in the nouveau kernel driver's GSP (GPU System Processor) firmware subsystem - specifically in the ACPI (Advanced Configuration and Power Interface) hardware probe routines responsible for negotiating GPU power management with system firmware. The affected CPE is cpe:2.3:a:linux:linux. WARN_ON() is a Linux kernel macro that evaluates a condition and, if true, emits a full stack trace to the kernel ring buffer via printk. Unlike BUG_ON(), it does not halt the kernel by default; however, the kernel boot parameter panic_on_warn=1 converts every WARN_ON into a kernel panic, making these assertions safety-critical on hardened, CI, or testing environments. The root cause - no CWE is assigned by NVD - is the placement of WARN_ON guards around ACPI probe calls whose failure conditions turn out to be benign and frequent, meaning the assertions fire routinely rather than signaling a genuine error. The fix removes the WARN_ONs entirely, accepting that these ACPI probe outcomes are non-actionable.

RemediationAI

The primary remediation is upgrading to a patched kernel version. Three stable-tree fix commits are available: 214b6bde0e941a34ba877cf2f26f85d62fb5d598 (targeting 6.18.19, at https://git.kernel.org/stable/c/214b6bde0e941a34ba877cf2f26f85d62fb5d598), d1c991c860496d97044802ea54b30f20db468c1d (targeting 6.19.9, at https://git.kernel.org/stable/c/d1c991c860496d97044802ea54b30f20db468c1d), and 9478c166c46934160135e197b049b5a05753f2ad (targeting 7.0, at https://git.kernel.org/stable/c/9478c166c46934160135e197b049b5a05753f2ad). Distribution vendors should be monitored for backported kernel packages incorporating these commits. As an immediate compensating control for high-risk environments, removing panic_on_warn=1 from kernel boot parameters prevents WARN_ON events from escalating to kernel panics, substantially reducing impact on hardened systems; the trade-off is reduced kernel fault detection sensitivity. Alternatively, blacklisting the nouveau module (echo 'blacklist nouveau' >> /etc/modprobe.d/blacklist.conf) eliminates the vulnerable code path entirely, but requires migrating to the proprietary NVIDIA driver or integrated graphics, which may not be feasible on all systems.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-30021 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy