CVE-2026-43300
Null-pointer Dereference in Linux Kernel DRM Panel Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential null-pointer dereference in the Linux kernel's drm/panel component, specifically in the function jdi_panel_dsi_remove().
The function checks if a pointer named 'jdi' is NULL and calls mipi_dsi_detach(dsi) if it is. However, it does not return early and continues to call jdi_panel_disable() using the 'jdi' pointer.
Inside jdi_panel_disable(), the 'jdi' pointer is dereferenced without checking if it is NULL, which can lead to a NULL-pointer dereference and potentially cause a crash or undefined behavior.
The fix involves returning early from jdi_panel_dsi_remove() when 'jdi' is NULL to prevent this issue.
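The control flow described above, reduced to a userspace C model (an added example, not the kernel's source). All `model_*` names are hypothetical, and the disable stand-in counts a NULL use instead of faulting so that both variants can be run side by side:

```c
#include <stdio.h>

/* Userspace model of the control flow described above, NOT kernel source.
 * Every type and function name here is a hypothetical stand-in. */
struct model_dsi { int attached; };
struct model_panel { int enabled; };
static int null_uses; /* times the panel pointer was used while NULL */

static void model_detach(struct model_dsi *dsi) { dsi->attached = 0; }

/* Stand-in for the disable helper. The real helper dereferences its argument
 * unconditionally; the model counts that access instead of faulting. */
static void model_disable(struct model_panel *jdi)
{
    if (jdi == NULL) { null_uses++; return; }
    jdi->enabled = 0;
}

/* Before: the NULL branch detaches, then falls through to the disable call. */
static void model_remove_before(struct model_dsi *dsi, struct model_panel *jdi)
{
    if (jdi == NULL)
        model_detach(dsi);
    model_disable(jdi);
}

/* After: the NULL branch detaches and returns, so disable never sees NULL. */
static void model_remove_after(struct model_dsi *dsi, struct model_panel *jdi)
{
    if (jdi == NULL) {
        model_detach(dsi);
        return;
    }
    model_disable(jdi);
}

/* Runs one remove call with a NULL panel; returns the NULL uses it caused. */
static int null_uses_for(void (*fn)(struct model_dsi *, struct model_panel *))
{
    struct model_dsi dsi = { .attached = 1 };
    null_uses = 0;
    fn(&dsi, NULL);
    return null_uses;
}

int main(void)
{
    printf("before: %d NULL use(s)\n", null_uses_for(model_remove_before));
    printf("after:  %d NULL use(s)\n", null_uses_for(model_remove_after));
    return 0;
}
```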
How can this vulnerability impact me?
A NULL-pointer dereference in the Linux kernel can cause the affected system to crash or behave unpredictably.
This may lead to denial of service conditions where the system or device becomes unresponsive or requires a reboot.
Depending on the environment, this could disrupt normal operations or services relying on the kernel's drm/panel functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue in jdi_panel_dsi_remove() has been fixed. The fix involves returning early from the function when the jdi pointer is NULL to prevent a NULL-pointer dereference.