CVE-2026-43305 - Vulnerability Details

- drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path

[Why]
The evaluation for whether we need to use the DMUB HW lock isn't the
same as whether we need to unlock which results in a hang when the
fast path is used for ASIC without FAMS support.

[How]
Store a flag that indicates whether we should use the lock and use
that same flag to specify whether unlocking is needed.

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from inconsistent handling of the DMUB hardware lock in the AMD DRM display driver. When the kernel logic for acquiring the lock does not align with the logic for releasing it, the system can block indefinitely during the fast-path operation on AMD ASICs that lack FAMS support. This results in a denial-of-service condition that halts driver activity and can propagate to a complete kernel hang, severely impacting system availability. The flaw is rooted in timing and lock protocol misuse, and in improper synchronization leading to deadlock (CWE-832, CWE-667).

Affected Systems

All Linux systems that run a kernel containing the AMD DRM display driver with DMUB lock support and employ the HWSS fast path are potentially affected. The CVE indicates the Linux kernel as the only vendor, with no version constraints, which implies any kernel build that still contains the pre-fix lock logic is vulnerable.

Risk and Exploitability

The CVE lists a CVSS score of 5.5 and an EPSS score of < 1%, indicating a moderate severity and very low likelihood of exploitation. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker would need local or privileged access to manipulate GPU request paths, so the attack vector is local. The defect can be triggered by manipulating GPU request paths that engage the fast path, and an attacker with local access could potentially cause a system halt. The requirement for driver interaction suggests that exploitation would be environment-specific and likely require elevated permissions or close proximity to the compromised machine.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7d041982fe11fff29b32a09228c4d52f159b56ad`	affected	< 4e387ad67efb100b645630ffbce7716786f52283
`7d041982fe11fff29b32a09228c4d52f159b56ad`	affected	< af3303970da5ce5bfe6dffdd07f38f42aad603e0

Linux

affected

Version	Status	Constraints
`6.19`	affected	—
`0`	unaffected	< 6.19
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,4e387ad67efb100b645630ffbce7716786f52283)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,af3303970da5ce5bfe6dffdd07f38f42aad603e0)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the DMUB lock fix; distribution maintainers typically bundle this patch in their kernel updates.
If a kernel upgrade cannot be performed immediately, disable the AMD GPU driver or suspend GPU usage to prevent the fast path from being invoked, thereby avoiding the lock mismatch.
If your distribution offers kernel parameters to force the slow legacy path or disable DMUB locking for unsupported ASICs, enable such settings to mitigate the issue until a patch is deployed.
Check your distribution’s website or kernel update channel for patches or newer kernel releases that contain the fix.

Generated by OpenCVE AI on May 15, 2026 at 15:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/4e387ad67efb100b645630ffbce7716786f52283
https://git.kernel.org/stable/c/af3303970da5ce5bfe6dffdd07f38f42aad603e0
https://lore.kernel.org/linux-cve-announce/2026050858-CVE-2026-43305-b13c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43305
https://www.cve.org/CVERecord?id=CVE-2026-43305

History

Fri, 15 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-667
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-368

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-832
References		https://lore.kernel.org/linux-cve-announce/2026050858-CVE-2026-43305-b13c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43305 https://www.cve.org/CVERecord?id=CVE-2026-43305

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-368

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path [Why] The evaluation for whether we need to use the DMUB HW lock isn't the same as whether we need to unlock which results in a hang when the fast path is used for ASIC without FAMS support. [How] Store a flag that indicates whether we should use the lock and use that same flag to specify whether unlocking is needed.
Title		drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4e387ad67efb100b645630ffbce7716786f52283 https://git.kernel.org/stable/c/af3303970da5ce5bfe6dffdd07f38f42aad603e0

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:24.952Z

Updated: 2026-05-11T22:21:59.194Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43305

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:37.813

Modified: 2026-05-15T13:23:19.233

Link: CVE-2026-43305

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43305 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-15T16:00:03Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object