VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-43191

CVE-2026-43191

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35

[Why] A backport of the change made for DCN401 that addresses an issue where we turn off the PHY PLL when disabling TMDS output, which causes the OTG to remain stuck.

The OTG being stuck can lead to a hang in the DCHVM's ability to ACK invalidations when it thinks the HUBP is still on but it's not receiving global sync.

The transition to PLL_ON needs to be atomic as there's no guarantee that the thread isn't pre-empted or is able to complete before the IOMMU watchdog times out.

[How] Backport the implementation from dcn401 back to dcn35.

There's a functional difference in when the eDP output is disabled in dcn401 code so we don't want to utilize it directly.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the Linux kernel's AMD display driver for DCN35 causes a hang when disabling TMDS output due to improper PHY PLL transition, fixed by backporting a DCN401 patch.

The vulnerability resides in the Linux kernel's DRM/AMD display driver for DCN35 hardware. When disabling TMDS output, the PHY PLL is turned off in a non-atomic manner, causing the Output Timing Generator (OTG) to become stuck. This state prevents the DCHVM from acknowledging invalidations, as the HUBP appears active but fails to receive global sync signals, leading to a system hang [1].

Exploitation requires the ability to trigger a display mode change on a system with DCN35 hardware. No special privileges beyond user-level access to change display settings are needed. The attack surface is local, but the resulting denial of service can render the system unresponsive.

Successful exploitation allows an attacker with local access to cause a denial of service via system hang. The CVSS v3 score of 5.5 (Medium) reflects the availability impact, as integrity and confidentiality are unaffected.

A fix has been backported from the DCN401 implementation to DCN35 and is included in Linux kernel stable updates [1][2]. Users should apply the latest kernel patches to mitigate the issue.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • Linux/Kernel
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.7,<6.19.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

1