CVE-2026-43381

EUVD-2026-28687

08.05.2026, 15:16

In the Linux kernel, the following vulnerability has been resolved:

nouveau/dpcd: return EBUSY for aux xfer if the device is asleep

If we have runtime suspended, and userspace wants to use /dev/drm_dp_*
then just tell it the device is busy instead of crashing in the GSP
code.

WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]
CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy)
Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024
RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]

This is a simple fix to get backported. We should probably engineer a
proper power domain solution to wake up devices and keep them awake
while fw updates are happening.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.16 ≤ 𝑥 < 5.10.253
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.203
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.167
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.130
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.78
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.19
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.9
linux	linux_kernel	7.0:rc1
linux	linux_kernel	7.0:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.257-1 fixed
forky	7.0.12-2 fixed
sid	7.0.13-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.94-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-10T22:00:00+00:00

References

https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf

https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5

https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69

https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01

https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4

https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3

https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c

https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360