Description
In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind

Fix several issues in dw_dp_bind() error handling:

1. Missing return after drm_bridge_attach() failure - the function
continued execution instead of returning an error.

2. Resource leak: drm_dp_aux_register() is not a devm function, so
drm_dp_aux_unregister() must be called on all error paths after
aux registration succeeds. This affects errors from:
- drm_bridge_attach()
- phy_init()
- devm_add_action_or_reset()
- platform_get_irq()
- devm_request_threaded_irq()

3. Bug fix: platform_get_irq() returns the IRQ number or a negative
error code, but the error path was returning ERR_PTR(ret) instead
of ERR_PTR(dp->irq).

Use a goto label for cleanup to ensure consistent error handling.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Crash / Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The dw-dp driver for Synopsys devices in the Linux kernel handles errors during the binding of DRM bridges incorrectly. When drm_bridge_attach() or other functions fail, the driver continues executing instead of returning, causing undefined states. Also, the non‑devm auxiliary registration isn’t rolled back on failure, leaking resources, and an incorrect error conversion can hide negative return codes. These mistakes can lead to a kernel panic or loss of display functionality, which effectively constitutes a denial‑of‑service.

Affected Systems

Systems running any Linux kernel release that contains the dw_dp_bind implementation before the fix—specifically kernel 6.19 RC1 through RC6 and any earlier stable branches that omit the patch—are affected. The problem exists in the generic Linux kernel code and therefore applies to all distributions shipping those kernel versions.

Risk and Exploitability

The CVSS score is 5.5, with an EPSS score of less than 1%, indicating a low but non‑zero likelihood of exploitation, and it is not currently listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need local privileges with access to the DRM subsystem to trigger the faulty error handling. No public exploit has been reported, but an adversary could cause a crash by attempting to bind the driver with manipulated parameters, thereby disrupting system availability.

Generated by OpenCVE AI on April 18, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the dw_dp_bind fix, such as kernel 6.19.0 or later releases.
  • If a kernel upgrade is not immediately possible, disable or unplug the dw-dp hardware to prevent the affected driver from being loaded.
  • Monitor kernel logs for unexpected errors or crashes originating from drm_dp or dw_dp_bind to detect potential exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References

Sat, 14 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind Fix several issues in dw_dp_bind() error handling: 1. Missing return after drm_bridge_attach() failure - the function continued execution instead of returning an error. 2. Resource leak: drm_dp_aux_register() is not a devm function, so drm_dp_aux_unregister() must be called on all error paths after aux registration succeeds. This affects errors from: - drm_bridge_attach() - phy_init() - devm_add_action_or_reset() - platform_get_irq() - devm_request_threaded_irq() 3. Bug fix: platform_get_irq() returns the IRQ number or a negative error code, but the error path was returning ERR_PTR(ret) instead of ERR_PTR(dp->irq). Use a goto label for cleanup to ensure consistent error handling.
Title drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:14:32.334Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T16:15:53.163

Modified: 2026-03-17T21:16:41.337

Link: CVE-2026-23132

cve-icon Redhat

Severity :

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23132 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses