CVE-2026-43337
Received Received - Intake
NULL Pointer Dereference in AMD Display Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering the update path. However, the existing condition: ((!fams2_enable && update_bw_bounding_box) || freq_changed) does not guarantee this, as the freq_changed branch can evaluate to true independently of the callback pointer. This can result in calling update_bw_bounding_box() when it is NULL. Fix this by separating the update condition from the pointer checks and ensuring the callback, dc->clk_mgr, and bw_params are validated before use. Fixes the below: ../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362) (cherry picked from commit 86117c5ab42f21562fedb0a64bffea3ee5fcd477)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43337
EUVD
EUVD-2026-28621
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AMD display driver code, specifically in the function dcn401_init_hw(). The function assumes that a callback function update_bw_bounding_box() is valid when entering an update path. However, due to a logical condition, the code can call update_bw_bounding_box() even when it is NULL, leading to a NULL pointer dereference.

The issue arises because the condition that controls the call does not guarantee the callback pointer is valid, especially when the freq_changed branch evaluates to true independently of the callback pointer. This can cause the system to attempt to execute a NULL function pointer.

The fix involves separating the update condition from the pointer checks and validating the callback, clock manager, and bandwidth parameters before use to prevent the NULL pointer dereference.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel's AMD display driver, which may lead to system instability or crashes. When the system attempts to call a NULL function pointer, it can result in a kernel panic or other unexpected behavior, potentially causing denial of service.

Mitigation Strategies

The vulnerability in the Linux kernel related to drm/amd/display's dcn401_init_hw() function has been fixed by ensuring proper validation of the callback pointer and related parameters before use.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes the fix for this issue.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43337. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart