Description
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dpu: fix mismatch between power and frequency

During DPU runtime suspend, calling dev_pm_opp_set_rate(dev, 0) drops
the MMCX rail to MIN_SVS while the core clock frequency remains at its
original (highest) rate. When runtime resume re-enables the clock, this
may result in a mismatch between the rail voltage and the clock rate.

For example, in the DPU bind path, the sequence could be:
cpu0: dev_sync_state -> rpmhpd_sync_state
cpu1: dpu_kms_hw_init
timeline 0 ------------------------------------------------> t

After rpmhpd_sync_state, the voltage performance is no longer guaranteed
to stay at the highest level. During dpu_kms_hw_init, calling
dev_pm_opp_set_rate(dev, 0) drops the voltage, causing the MMCX rail to
fall to MIN_SVS while the core clock is still at its maximum frequency.
When the power is re-enabled, only the clock is enabled, leading to a
situation where the MMCX rail is at MIN_SVS but the core clock is at its
highest rate. In this state, the rail cannot sustain the clock rate,
which may cause instability or system crash.

Remove the call to dev_pm_opp_set_rate(dev, 0) from dpu_runtime_suspend
to ensure the correct vote is restored when DPU resumes.

Patchwork: https://patchwork.freedesktop.org/patch/710077/
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During a DPU runtime suspend, the driver calls dev_pm_opp_set_rate(dev, 0), which lowers the MMCX rail voltage to its minimum while the core clock stays at its original, highest rate. When the system later resumes, only the clock is re‑enabled, leaving the rail at insufficient voltage for the clock. This mismatch can cause the device to become unstable or crash, impacting system availability. The weakness is rooted in improper power‑management coordination and is documented with CWE‑367.

Affected Systems

The flaw exists in the drm/msm/dpu driver of the Linux kernel. Any Linux system includes this driver—and that has not yet incorporated the patch to remove the dev_pm_opp_set_rate call—could be subject to the instability. While the CVE does not enumerate specific kernel versions, all recent builds using DPU support should be considered potentially vulnerable until the patch is applied.

Risk and Exploitability

The EPSS score is less vulnerability is not listed in the CISA KEV catalog, indicating an extremely low exploitation probability and limited public threat activity. The CVSS score is not available in the CVE record, so we cannot quantify severity with that metric. The attack vector is local: an attacker with access to trigger a runtime suspend/resume cycle (for example, through a privileged application or trusted driver) can induce the mismatch and cause a crash. No remote or privilege‑escalation vectors are described, so the risk remains primarily a local denial‑of‑service concern.

Generated by OpenCVE AI on June 27, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • the dev_pm_opp_set_rate(dev, 0) call from the dpu_runtime_suspend path so that voltage and frequency remain consistent during suspend and resume.
  • If using a custom or out‑of‑tree kernel, locate and delete any remaining calls to dev_pm_opp_set_rate with a zero rate in the DPU driver code and rebuild the module.
  • After applying the patch or rebuild, run a comprehensive suspend/resume regression test to verify that the system no longer crashes and monitor logs for any power‑management related warnings.

Generated by OpenCVE AI on June 27, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sat, 27 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-399

Sat, 27 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-399

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: fix mismatch between power and frequency During DPU runtime suspend, calling dev_pm_opp_set_rate(dev, 0) drops the MMCX rail to MIN_SVS while the core clock frequency remains at its original (highest) rate. When runtime resume re-enables the clock, this may result in a mismatch between the rail voltage and the clock rate. For example, in the DPU bind path, the sequence could be: cpu0: dev_sync_state -> rpmhpd_sync_state cpu1: dpu_kms_hw_init timeline 0 ------------------------------------------------> t After rpmhpd_sync_state, the voltage performance is no longer guaranteed to stay at the highest level. During dpu_kms_hw_init, calling dev_pm_opp_set_rate(dev, 0) drops the voltage, causing the MMCX rail to fall to MIN_SVS while the core clock is still at its maximum frequency. When the power is re-enabled, only the clock is enabled, leading to a situation where the MMCX rail is at MIN_SVS but the core clock is at its highest rate. In this state, the rail cannot sustain the clock rate, which may cause instability or system crash. Remove the call to dev_pm_opp_set_rate(dev, 0) from dpu_runtime_suspend to ensure the correct vote is restored when DPU resumes. Patchwork: https://patchwork.freedesktop.org/patch/710077/
Title drm/msm/dpu: fix mismatch between power and frequency
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:01.694Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53056

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53056 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T06:00:12Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition