CVE-2026-43381: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

nouveau/dpcd: return EBUSY for aux xfer if the device is asleep

If we have runtime suspended, and userspace wants to use /dev/drm_dp_*
then just tell it the device is busy instead of crashing in the GSP
code.

WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]
CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy)
Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024
RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]

This is a simple fix to get backported. We should probably engineer a
proper power domain solution to wake up devices and keep them awake
while fw updates are happening.

The Linux kernel CVE team has assigned CVE-2026-43381 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 5.10.253 with commit 178df7c91e6c202579284df9f79d1592a514cdcf
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 5.15.203 with commit 4df518aa196085909fd7e32518ecd27fba60ed69
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.1.167 with commit cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.6.130 with commit fad178ae894930520519ead3c8e0150641466360
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.12.78 with commit 6bdd2d70c338d52c387d3b3aadc596784ae81b01
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.18.19 with commit ad8fa5bff53f5d1f8394f996850da8ce070eaee3
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.19.9 with commit 24639553a016578222ac597db924dfb6fa5ec8b5
	Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 7.0 with commit 8f3c6f08ababad2e3bdd239728cf66a9949446b4

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-43381
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/nouveau/nouveau_connector.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf
	https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69
	https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c
	https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360
	https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01
	https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3
	https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5
	https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4