CVE-2026-43191
Awaiting Analysis Awaiting Analysis - Queue
Kernel Hang Due to PHY PLL State in AMD Display DCN35

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35 [Why] A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to remain stuck. The OTG being stuck can lead to a hang in the DCHVM's ability to ACK invalidations when it thinks the HUBP is still on but it's not receiving global sync. The transition to PLL_ON needs to be atomic as there's no guarantee that the thread isn't pre-empted or is able to complete before the IOMMU watchdog times out. [How] Backport the implementation from dcn401 back to dcn35. There's a functional difference in when the eDP output is disabled in dcn401 code so we don't want to utilize it directly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43191
EUVD
EUVD-2026-27753
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's AMD display driver, specifically in the drm/amd/display component. It involves the PHY finite state machine (FSM) transition related to TMDS (Transition Minimized Differential Signaling) on DCN35 hardware. The issue arises because the PHY PLL (Phase-Locked Loop) is turned off when disabling the TMDS output, causing the OTG (Output Timing Generator) to become stuck.

When the OTG is stuck, it can cause a hang in the DCHVM's (Display Controller Hardware Virtual Machine) ability to acknowledge invalidations, as it incorrectly believes the HUBP (Hub Pipe) is still active but is not receiving global synchronization signals.

The fix involves adjusting the FSM transition to ensure it moves atomically from TX_EN to PLL_ON, preventing pre-emption or incomplete transitions before the IOMMU watchdog times out. This fix was backported from a newer hardware version (dcn401) to dcn35, with some functional differences to accommodate the older hardware.


How can this vulnerability impact me? :

This vulnerability can cause the display output timing generator (OTG) to become stuck, which may lead to a system hang or instability in the display subsystem. Specifically, the DCHVM may hang while waiting for acknowledgments of invalidations, potentially causing display issues or system responsiveness problems related to graphics output.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by backporting a change to the Linux kernel's drm/amd/display driver that adjusts the PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart