From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6670B175A77 for ; Fri, 8 May 2026 14:23:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778250200; cv=none; b=u23FdRz1b07n9bH1IDm2CK0GwkC4a+YyxKvWtcd+CFI+fMmMyCoNeJff955YQ3a0RPKwu487TKb1TFfADXySkTleRpcfnq8o9I2F1mKBwYiUkQYwQ488xxeymn/szc88eSKwZAuXlkwXnbOqUYRPUb4dJYZsKtqxwYwjXxRdmNc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778250200; c=relaxed/simple; bh=Nm8IExsQ9jIfxnuuKy23Q4ABFdygffFFiS1yoMlo3Uw=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=lOudd87yKk+nnv0/n/Mn2ezZqAs1377RFJersvfOvn/2tCLu5Kq/x26tRBm2j0QTur04YqA94KZQvtWzF9b/qhBZKcYbfFIy6JyUtUVu5b1SLsDJB109RidVDTZtERnRD2EP8qS4bZGBOn9RUGMr+0hFpRln/lagHngowyQlZKQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=ayRQUBea; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="ayRQUBea" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F055BC2BCB0; Fri, 8 May 2026 14:23:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778250200; bh=Nm8IExsQ9jIfxnuuKy23Q4ABFdygffFFiS1yoMlo3Uw=; h=From:To:Cc:Subject:Date:Reply-To:From; b=ayRQUBeakidOfIXnTN+4KMmGWfkOxNN8Ow0Hl88+B8hGSrICbqDf8Gn4wo6uhWH1e IHmYMecVyxnbas3XK+GVCUoYW2Mtf/eMrJKz6Y9XxGg1h6qr7sozp0l5slPHtFU+UM 9iH36mBK/EYA9aEbX1+1qDXzdYq0FKX6i3jwcldQ= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2026-43381: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep Date: Fri, 8 May 2026 16:21:50 +0200 Message-ID: <2026050833-CVE-2026-43381-e311@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3838; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=Rmzoj5/jWhFHmDEXrMJZliI1PxZHRgr2d3IWen7BYWg=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/P+Y+++cmuPXs9vfv39sFvT8uxXc6Q/rKTsZNt+ZEF 1z78q5oQ0csC4MgE4OsmCLLl208R/dXHFL0MrQ9DTOHlQlkCAMXpwBM5Fc3w4IDtdoNjSoSU/h9 N51m9Lwo0qPzcRPDgkMTbVY0ezz71S3xO69FlKv+UGWVAQA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024 RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] This is a simple fix to get backported. We should probably engineer a proper power domain solution to wake up devices and keep them awake while fw updates are happening. The Linux kernel CVE team has assigned CVE-2026-43381 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 5.10.253 with commit 178df7c91e6c202579284df9f79d1592a514cdcf Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 5.15.203 with commit 4df518aa196085909fd7e32518ecd27fba60ed69 Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.1.167 with commit cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.6.130 with commit fad178ae894930520519ead3c8e0150641466360 Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.12.78 with commit 6bdd2d70c338d52c387d3b3aadc596784ae81b01 Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.18.19 with commit ad8fa5bff53f5d1f8394f996850da8ce070eaee3 Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 6.19.9 with commit 24639553a016578222ac597db924dfb6fa5ec8b5 Issue introduced in 3.16 with commit 8894f4919bc43f821775db2cfff4b917871b2102 and fixed in 7.0 with commit 8f3c6f08ababad2e3bdd239728cf66a9949446b4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-43381 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/nouveau/nouveau_connector.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69 https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360 https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01 https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3 https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5 https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4