Description
In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()

In case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read()
in atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit
NULL pointer while trying to access the mutex. We need the connector to
be set before that. Unlike in legacy cases with flag
!DRM_BRIDGE_ATTACH_NO_CONNECTOR, we do not have connector initialised
in bridge_attach(), so add the mhdp->connector_ptr in device structure
to handle both cases with DRM_BRIDGE_ATTACH_NO_CONNECTOR and
!DRM_BRIDGE_ATTACH_NO_CONNECTOR, set it in atomic_enable() earlier to
avoid possible NULL pointer dereference in recovery paths like
modeset_retry_fn() with the DRM_BRIDGE_ATTACH_NO_CONNECTOR flag set.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Cadence cdns‑mhdp8546 graphics bridge driver in the Linux kernel contains an oversight that can result in a null pointer dereference when the driver enters a recovery routine after a mode‑setting failure. The flaw occurs during the atomic_enable() phase, where the driver attempts to access a mutex through a connector pointer that has not yet been initialized. Consequently, dereferencing this null connector causes the kernel to crash, producing a severe impact. This defect does not involve external input or authentication; it is a local kernel bug triggered by mode‑setting errors that can occur during normal driver operation or when software configures display modes.

Affected Systems

This vulnerability affects Linux distributions that ship the Cadence cdns‑mhdp8546 graphics bridge driver in the kernel. The affected releases are those that include the driver prior to the patch that sets the connector pointer in atomic_enable(). Any kernel containing the unpatched driver may be vulnerable.

Risk and Exploitability

The CVSS score is 5.5. The EPSS score of < 1% indicates that the probability of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. The flaw can lead, causing a reboot or loss of graphical service. Exploitation requires a mode‑setting error that triggers the driver’s recovery path, which suggests a local‑interaction attack vector. The severity of a kernel panic warrants prompt attention despite the low exploitation likelihood.

Generated by OpenCVE AI on June 26, 2026 at 03:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the fix for the cdns‑mhdp8546 driver.
  • Disable the cdns‑mhdp8546 driver if an update is not yet available, by removing it from the kernel configuration or blacklisting it.
  • Monitor system logs for kernel crashes and avoid repeated mode‑setting failures that could trigger the bug.

Generated by OpenCVE AI on June 26, 2026 at 03:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() In case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read() in atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit NULL pointer while trying to access the mutex. We need the connector to be set before that. Unlike in legacy cases with flag !DRM_BRIDGE_ATTACH_NO_CONNECTOR, we do not have connector initialised in bridge_attach(), so add the mhdp->connector_ptr in device structure to handle both cases with DRM_BRIDGE_ATTACH_NO_CONNECTOR and !DRM_BRIDGE_ATTACH_NO_CONNECTOR, set it in atomic_enable() earlier to avoid possible NULL pointer dereference in recovery paths like modeset_retry_fn() with the DRM_BRIDGE_ATTACH_NO_CONNECTOR flag set.
Title drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:03.463Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53058

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53058 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T03:45:16Z

Weaknesses
  • CWE-824

    Access of Uninitialized Pointer