Description
In the Linux kernel, the following vulnerability has been resolved:

drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels

Since commit 56de5e305d4b ("clk: renesas: r9a07g044: Add MSTOP for RZ/G2L")
we may get the following kernel panic, for some panels, when rebooting:

systemd-shutdown[1]: Rebooting.
Call trace:
...
do_serror+0x28/0x68
el1h_64_error_handler+0x34/0x50
el1h_64_error+0x6c/0x70
rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P)
mipi_dsi_device_transfer+0x44/0x58
mipi_dsi_dcs_set_display_off_multi+0x9c/0xc4
ili9881c_unprepare+0x38/0x88
drm_panel_unprepare+0xbc/0x108

This happens for panels that need to send MIPI-DSI commands in their
unprepare() callback. Since the MIPI-DSI interface is stopped at that
point, rzg2l_mipi_dsi_host_transfer() triggers the kernel panic.

Fix by moving rzg2l_mipi_dsi_stop() to new callback function
rzg2l_mipi_dsi_atomic_post_disable().

With this change we now have the correct power-down/stop sequence:

systemd-shutdown[1]: Rebooting.
rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_disable(): entry
ili9881c-dsi 10850000.dsi.0: ili9881c_unprepare(): entry
rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_post_disable(): entry
reboot: Restarting system
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel DRM driver for Renesas RZ/G2L boards, a reboot that triggers panels requiring MIPI‑DSI commands in their unprepare() routine can cause the kernel to panic. The panic occurs when the existing stop sequence is invoked prematurely, leading the driver to attempt a data transfer on a stopped interface. The crash results in an OS halt that requires a hard reset, effectively denying service to the affected machine.

Affected Systems

Linux kernel builds that include the renesas DRM driver on Renesas RZ/G2L hardware, particularly when a connected panel performs MIPI‑DSI communication during its unprepare() callback. The issue exists in kernel versions that contain commit 56de5e305d4b and earlier; it has been fixed in later revisions of the driver. No specific kernel release notation is provided in the advisory.

Risk and Exploitability

The flaw manifests during system shutdown or reboot, which normally requires local privileged access; no evidence indicates remote exploitation is possible. EPSS information is not available and the vulnerability is not listed in CISA KEV. The risk is operational: a system crash that interrupts service and requires manual recovery. The CVSS score is not disclosed, so the exploitation likelihood cannot be quantified precisely, but the lack of public exploitation data suggests a low to moderate practical risk. The primary attack vector is a local privileged reboot trigger.

Generated by OpenCVE AI on May 9, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a release that includes commit 56de5e305d4b and the subsequent driver changes that relocate the stop sequence to rzg2l_mipi_dsi_atomic_post_disable.
  • Test the upgraded kernel on a non‑production system by performing a controlled reboot while the affected panel is connected, confirming that no kernel panic occurs.
  • If an immediate kernel update is not feasible, schedule all reboots or power‑cycle operations during planned maintenance windows to minimize the chance of a panic during unexpected shutdowns.

Generated by OpenCVE AI on May 9, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
CWE-416

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-841
References

Fri, 08 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404
CWE-416

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b ("clk: renesas: r9a07g044: Add MSTOP for RZ/G2L") we may get the following kernel panic, for some panels, when rebooting: systemd-shutdown[1]: Rebooting. Call trace: ... do_serror+0x28/0x68 el1h_64_error_handler+0x34/0x50 el1h_64_error+0x6c/0x70 rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P) mipi_dsi_device_transfer+0x44/0x58 mipi_dsi_dcs_set_display_off_multi+0x9c/0xc4 ili9881c_unprepare+0x38/0x88 drm_panel_unprepare+0xbc/0x108 This happens for panels that need to send MIPI-DSI commands in their unprepare() callback. Since the MIPI-DSI interface is stopped at that point, rzg2l_mipi_dsi_host_transfer() triggers the kernel panic. Fix by moving rzg2l_mipi_dsi_stop() to new callback function rzg2l_mipi_dsi_atomic_post_disable(). With this change we now have the correct power-down/stop sequence: systemd-shutdown[1]: Rebooting. rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_disable(): entry ili9881c-dsi 10850000.dsi.0: ili9881c_unprepare(): entry rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_post_disable(): entry reboot: Restarting system
Title drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-09T04:10:07.227Z

Reserved: 2026-05-01T14:12:55.999Z

Link: CVE-2026-43294

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T14:16:36.487

Modified: 2026-05-08T14:16:36.487

Link: CVE-2026-43294

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43294 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T05:00:10Z

Weaknesses