CVE-2026-43300 - Vulnerability Details

- drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

In jdi_panel_dsi_remove(), jdi is explicitly checked, indicating that it
may be NULL:

if (!jdi)
mipi_dsi_detach(dsi);

However, when jdi is NULL, the function does not return and continues by
calling jdi_panel_disable():

err = jdi_panel_disable(&jdi->base);

Inside jdi_panel_disable(), jdi is dereferenced unconditionally, which can
lead to a NULL-pointer dereference:

struct jdi_panel *jdi = to_panel_jdi(panel);
backlight_disable(jdi->backlight);

To prevent such a potential NULL-pointer dereference, return early from
jdi_panel_dsi_remove() when jdi is NULL.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A null‑pointer dereference may occur in the function that removes a DSI panel when the panel driver pointer is NULL. The code continues past a null check and later attempts to access a structure through that pointer, which can lead to a kernel fault and potentially a system crash. The primary impact is the loss of system availability due to the kernel panic that this flaw can trigger. This issue stems from a defect in input validation and pointer safety, classified by CWE‑476.

Affected Systems

Any Linux system running a kernel with the drm/panel implementation described in the advisory is affected. The advisory lists only the generic vendor/product pair "Linux:Linux" and does not specify exact kernel versions, so all distributions whose kernel source contains the unpatched drm/panel code are potentially impacted.

Risk and Exploitability

The CVSS score is not provided and EPSS is not available, which means the formal exploitation likelihood is unknown. The flaw is not listed in CISA's Known Exploited Vulnerabilities catalog, indicating no publicly documented exploitation at the time of this advisory. Because the vulnerability requires execution of the suspicious code path in the kernel (usually triggered by a user who controls the panel or device), the attack vector is likely local and requires privileged or kernel‑mode access. An unhandled null dereference in kernel code can lead to a system crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`25205087df1ffe06ccea9302944ed1f77dc68c6f`	affected	< ec2f37bbb733cdd7ed7d04171fca728a532414d5
`25205087df1ffe06ccea9302944ed1f77dc68c6f`	affected	< 2f5427d8726b22b807beec248d7d6bf88e291e0b
`25205087df1ffe06ccea9302944ed1f77dc68c6f`	affected	< 83ce0085fabf757b039322928188ad78e962d609
`25205087df1ffe06ccea9302944ed1f77dc68c6f`	affected	< 95eed73b871111123a8b1d31cb1fce7e902e49ea

Linux

affected

Version	Status	Constraints
`6.7`	affected	—
`0`	unaffected	< 6.7
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ec2f37bbb733cdd7ed7d04171fca728a532414d5)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2f5427d8726b22b807beec248d7d6bf88e291e0b)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,83ce0085fabf757b039322928188ad78e962d609)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,95eed73b871111123a8b1d31cb1fce7e902e49ea)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that includes the patch commit 2f5427d8726b22b807beec248d7d6bf88e291e0b or a newer version.
If a kernel update is not feasible, remove or disable the affected DSI panel hardware or driver to prevent the vulnerable code path from executing.
If the DSI panel functionality is required, investigate and apply any vendor‑provided driver or firmware update that addresses the null‑pointer dereference, and re‑engage the device under the updated driver.

Generated by OpenCVE AI on May 8, 2026 at 15:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2f5427d8726b22b807beec248d7d6bf88e291e0b
https://git.kernel.org/stable/c/83ce0085fabf757b039322928188ad78e962d609
https://git.kernel.org/stable/c/95eed73b871111123a8b1d31cb1fce7e902e49ea
https://git.kernel.org/stable/c/ec2f37bbb733cdd7ed7d04171fca728a532414d5
https://lore.kernel.org/linux-cve-announce/2026050856-CVE-2026-43300-7dbe@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43300
https://www.cve.org/CVERecord?id=CVE-2026-43300

History

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050856-CVE-2026-43300-7dbe@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43300 https://www.cve.org/CVERecord?id=CVE-2026-43300

Fri, 08 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() In jdi_panel_dsi_remove(), jdi is explicitly checked, indicating that it may be NULL: if (!jdi) mipi_dsi_detach(dsi); However, when jdi is NULL, the function does not return and continues by calling jdi_panel_disable(): err = jdi_panel_disable(&jdi->base); Inside jdi_panel_disable(), jdi is dereferenced unconditionally, which can lead to a NULL-pointer dereference: struct jdi_panel *jdi = to_panel_jdi(panel); backlight_disable(jdi->backlight); To prevent such a potential NULL-pointer dereference, return early from jdi_panel_dsi_remove() when jdi is NULL.
Title		drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2f5427d8726b22b807beec248d7d6bf88e291e0b https://git.kernel.org/stable/c/83ce0085fabf757b039322928188ad78e962d609 https://git.kernel.org/stable/c/95eed73b871111123a8b1d31cb1fce7e902e49ea https://git.kernel.org/stable/c/ec2f37bbb733cdd7ed7d04171fca728a532414d5

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:21.530Z

Updated: 2026-05-09T04:10:13.854Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43300

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:37.223

Modified: 2026-05-08T14:16:37.223

Link: CVE-2026-43300

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43300 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T16:00:12Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object