CVE-2026-43337
Received - Intake
NULL Pointer Dereference in AMD Display Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()

dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition:

((!fams2_enable && update_bw_bounding_box) || freq_changed)

does not guarantee this, as the freq_changed branch can evaluate to true independently of the callback pointer.

This can result in calling update_bw_bounding_box() when it is NULL.

Fix this by separating the update condition from the pointer checks and ensuring the callback, dc->clk_mgr, and bw_params are validated before use.

Fixes the below:

../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362)

(cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)

Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product         Version / Range
linux     linux_kernel    *
linux     kernel          *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's AMD display driver code, specifically in the function dcn401_init_hw(). The function assumes that a callback function update_bw_bounding_box() is valid when entering an update path. However, due to a logical condition, the code can call update_bw_bounding_box() even when it is NULL, leading to a NULL pointer dereference.

The issue arises because the condition that controls the call does not guarantee the callback pointer is valid, especially when the freq_changed branch evaluates to true independently of the callback pointer. This can cause the system to attempt to execute a NULL function pointer.

The fix involves separating the update condition from the pointer checks and validating the callback, clock manager, and bandwidth parameters before use to prevent the NULL pointer dereference.
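
The guard logic described above, modelled in userspace C as an added example (this is not the kernel source or the upstream patch). The struct layout, the callback signature, and the exact form of the fixed condition are simplified assumptions; the model returns NULL_DEREF where the real code would fault.

```c
/* Userspace model of the guard described for dcn401_init_hw().
 * All types and function names are simplified stand-ins, not kernel code. */
#include <stdbool.h>
#include <stddef.h>

struct bw_params { int unused; };
struct clk_mgr { struct bw_params *bw_params; };
typedef void (*update_bbox_fn)(struct bw_params *bw);
struct dc_model { struct clk_mgr *clk_mgr; update_bbox_fn update_bw_bounding_box; };
enum outcome { SKIPPED, CALLED, NULL_DEREF };

static int calls;  /* counts real callback invocations */
static void sample_update(struct bw_params *bw) { (void)bw; calls++; }

/* Original condition: freq_changed alone satisfies it, so the call site
 * is reached even when the callback (or a pointer it needs) is NULL. */
enum outcome init_hw_before(struct dc_model *dc, bool fams2_enable, bool freq_changed)
{
    if ((!fams2_enable && dc->update_bw_bounding_box) || freq_changed) {
        if (!dc->update_bw_bounding_box || !dc->clk_mgr || !dc->clk_mgr->bw_params)
            return NULL_DEREF;  /* model reports the oops instead of faulting */
        dc->update_bw_bounding_box(dc->clk_mgr->bw_params);
        return CALLED;
    }
    return SKIPPED;
}

/* Fixed shape (assumed form): decide whether an update is wanted first,
 * then validate the callback, clk_mgr and bw_params before the call. */
enum outcome init_hw_after(struct dc_model *dc, bool fams2_enable, bool freq_changed)
{
    bool need_update = !fams2_enable || freq_changed;

    if (need_update && dc->update_bw_bounding_box &&
        dc->clk_mgr && dc->clk_mgr->bw_params) {
        dc->update_bw_bounding_box(dc->clk_mgr->bw_params);
        return CALLED;
    }
    return SKIPPED;
}

int main(void)
{
    struct bw_params bw = {0};
    struct clk_mgr cm = { &bw };
    struct dc_model no_cb = { &cm, NULL };  /* constructed input: no callback */
    return init_hw_before(&no_cb, true, true) == NULL_DEREF &&
           init_hw_after(&no_cb, true, true) == SKIPPED ? 0 : 1;
}
```

When the callback is non-NULL the two conditions select the same cases, so the model differs only on the inputs that used to fault.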


How can this vulnerability impact me?

This vulnerability can cause a NULL pointer dereference in the Linux kernel's AMD display driver, which may lead to system instability or crashes. When the system attempts to call a NULL function pointer, it can result in a kernel panic or other unexpected behavior, potentially causing denial of service.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in the Linux kernel related to drm/amd/display's dcn401_init_hw() function has been fixed by ensuring proper validation of the callback pointer and related parameters before use.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes the fix for this issue.

