CVE-2026-43381
Analyzed Analyzed - Analysis Complete
nouveau DPCD Auxiliary Transfer EBUSY on Runtime Suspend

Publication date: 2026-05-08

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024 RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] This is a simple fix to get backported. We should probably engineer a proper power domain solution to wake up devices and keep them awake while fw updates are happening.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-26
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43381
EUVD
EUVD-2026-28687
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 3.16 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information about CVE-2026-43381 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability occurs in the Linux kernel's nouveau driver, specifically in the handling of DisplayPort auxiliary transfers when the device is in a runtime suspended (asleep) state.

When userspace tries to use /dev/drm_dp_* devices while the hardware is suspended, the driver previously could crash due to improper handling in the GSP (Graphics System Processor) code.

The fix implemented returns an EBUSY error to userspace to indicate the device is busy instead of allowing a crash, preventing system instability.

Impact Analysis

If unpatched, this vulnerability can cause the system to crash when userspace attempts to access DisplayPort auxiliary devices while the device is suspended.

Such crashes can lead to system instability or unexpected reboots, potentially interrupting workflows or causing data loss.

Mitigation Strategies

The vulnerability is fixed by returning EBUSY for aux transfers if the device is asleep, preventing crashes when userspace accesses /dev/drm_dp_* during runtime suspension.

Immediate mitigation involves updating the Linux kernel to a version that includes this fix (e.g., 6.18.10-200.fc43.x86_64 or later) to avoid crashes related to the nouveau driver when the device is runtime suspended.

Detection Guidance

This vulnerability relates to the nouveau driver in the Linux kernel, specifically when the device is runtime suspended and userspace attempts to use /dev/drm_dp_* devices. Detection involves monitoring for kernel messages or crashes related to the nouveau driver, particularly errors like "return EBUSY for aux xfer if the device is asleep" or warnings in the kernel logs referencing r535_gsp_msgq_wait in the nouveau module.

To detect this on your system, you can check the kernel logs for relevant error messages using commands such as:

  • dmesg | grep -i nouveau
  • journalctl -k | grep -i nouveau
  • journalctl -k | grep -i 'r535_gsp_msgq_wait'

Additionally, monitoring for crashes or failures in processes like fwupd that interact with the GPU device may also indicate the presence of this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43381. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart