Description
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: fix mismatch between power and frequency

During DPU runtime suspend, calling dev_pm_opp_set_rate(dev, 0) drops
the MMCX rail to MIN_SVS while the core clock frequency remains at its
original (highest) rate. When runtime resume re-enables the clock, this
may result in a mismatch between the rail voltage and the clock rate.

For example, in the DPU bind path, the sequence could be:
cpu0: dev_sync_state -> rpmhpd_sync_state
cpu1: dpu_kms_hw_init
timeline 0 ------------------------------------------------> t

After rpmhpd_sync_state, the voltage performance is no longer guaranteed
to stay at the highest level. During dpu_kms_hw_init, calling
dev_pm_opp_set_rate(dev, 0) drops the voltage, causing the MMCX rail to
fall to MIN_SVS while the core clock is still at its maximum frequency.
When the power is re-enabled, only the clock is enabled, leading to a
situation where the MMCX rail is at MIN_SVS but the core clock is at its
highest rate. In this state, the rail cannot sustain the clock rate,
which may cause instability or system crash.

Remove the call to dev_pm_opp_set_rate(dev, 0) from dpu_runtime_suspend
to ensure the correct vote is restored when DPU resumes.

Patchwork: https://patchwork.freedesktop.org/patch/710077/
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During a DPU runtime suspend, a call to dev_pm_opp_set_rate(dev, 0) lowers the MMCX rail to its minimum voltage while the core clock remains at a high frequency. When the device resumes, the clock is re‑enabled without restoring the proper voltage level, leaving the rail unable to sustain the clock rate. This mismatch can cause unpredictable behavior, instability, or a full system crash. The issue is a local resource‑management flaw that directly impacts the availability of the affected device.

Affected Systems

The flaw resides in the Linux kernel's drm/msm/dpu driver, which powers many Qualcomm and related SoC graphics engines. Any Linux system employing this driver—particularly those running newer kernel versions compiled with DPU support—could be impacted. The exact kernel release range is not specified, so all devices using the unpatched DPU path should be considered potentially vulnerable.

Risk and Exploitability

The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, so the baseline exploitation probability remains uncertain. Nonetheless, the vulnerability provides a local denial‑of‑service vector: an attacker who can trigger a runtime suspend/resume cycle (e.g., through a privileged application or a trusted driver) can cause the affected system to crash. There is no evidence of a remote attack surface or privilege escalation in the supplied description, making the risk primarily a local availability concern.

Generated by OpenCVE AI on June 24, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that removes the dev_pm_opp_set_rate(dev, 0) call from dpu_runtime_suspend to restore proper voltage and frequency synchronization during suspend and resume.
  • Re‑build or reconfigure the DPU driver to ensure that no residual calls to dev_pm_opp_set_rate with a zero rate remain, and verify that the voltage constraints are correctly applied after resume.
  • After applying the patch, perform regression testing of suspend/resume flows and monitor the system for any stability regressions or crashes caused by power‑management transitions.

Generated by OpenCVE AI on June 24, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-399

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: fix mismatch between power and frequency During DPU runtime suspend, calling dev_pm_opp_set_rate(dev, 0) drops the MMCX rail to MIN_SVS while the core clock frequency remains at its original (highest) rate. When runtime resume re-enables the clock, this may result in a mismatch between the rail voltage and the clock rate. For example, in the DPU bind path, the sequence could be: cpu0: dev_sync_state -> rpmhpd_sync_state cpu1: dpu_kms_hw_init timeline 0 ------------------------------------------------> t After rpmhpd_sync_state, the voltage performance is no longer guaranteed to stay at the highest level. During dpu_kms_hw_init, calling dev_pm_opp_set_rate(dev, 0) drops the voltage, causing the MMCX rail to fall to MIN_SVS while the core clock is still at its maximum frequency. When the power is re-enabled, only the clock is enabled, leading to a situation where the MMCX rail is at MIN_SVS but the core clock is at its highest rate. In this state, the rail cannot sustain the clock rate, which may cause instability or system crash. Remove the call to dev_pm_opp_set_rate(dev, 0) from dpu_runtime_suspend to ensure the correct vote is restored when DPU resumes. Patchwork: https://patchwork.freedesktop.org/patch/710077/
Title drm/msm/dpu: fix mismatch between power and frequency
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:01.694Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53056

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:30:08Z

Weaknesses