CVE-2026-43320 Overview
CVE-2026-43320 affects the Linux kernel's AMD display driver (drm/amd/display) component. The vulnerability stems from a missing function hook check in the Display Stream Compression (DSC) code path used for embedded DisplayPort (eDP) panels. Without verifying that the function pointer is valid before invocation, the kernel can dereference an unpopulated hook and trigger a fault in display initialization or modeset operations.
The issue impacts Linux kernel version 6.12 and 7.0 release candidates rc1 through rc7. The fix adds a function hook check before use, as documented in the upstream commits.
Critical Impact
A local user with permission to interact with the AMD DRM subsystem can trigger a kernel fault, resulting in a denial-of-service condition on systems with affected GPUs and eDP panels.
Affected Products
- Linux kernel 6.12
- Linux kernel 7.0-rc1 through 7.0-rc7
- Distributions shipping the drm/amd/display driver from these versions
Discovery Timeline
- 2026-05-08 - CVE-2026-43320 published to the National Vulnerability Database (NVD)
- 2026-05-15 - Last updated in NVD database
Technical Details for CVE-2026-43320
Vulnerability Analysis
The vulnerability resides in the AMD Display Core (DC) subsystem of the Linux kernel, specifically in the code path handling DSC on eDP panels. The driver invokes a function through a hook pointer without first validating that the hook has been populated for the current hardware configuration.
When DSC is engaged for an eDP output on a configuration where the corresponding hook is not assigned, the call dereferences an invalid pointer. This produces a kernel oops and terminates the offending context, with potential impact on overall system availability depending on which kernel thread is affected.
The upstream commit message states the rationale concisely: "Need to add function hook check before use." The fix introduces a guard that verifies the hook is non-null prior to invocation. CWE classification is recorded as NVD-CWE-noinfo, though the defect pattern aligns with a null pointer dereference in a kernel driver.
Root Cause
The defect is a missing precondition check on a function pointer in the AMD drm display pipeline. The DSC eDP code path assumes a hook is always available for the active panel and codec combination. On hardware or configuration permutations where the hook is not registered, the call site dispatches into an invalid address.
Attack Vector
Exploitation requires local access with privileges sufficient to interact with the DRM subsystem, such as initiating modesets or display configuration changes that engage DSC on an eDP panel. Network attack vectors do not apply. Successful triggering yields an availability impact through a kernel crash, with no direct effect on confidentiality or integrity.
No public proof-of-concept exploit is currently published, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is 0.013%, indicating very low probability of observed exploitation activity.
The vulnerability mechanism centers on an unchecked function pointer dispatch within the DSC eDP code path. See the upstream commits referenced under Patch Information for the exact code change.
Detection Methods for CVE-2026-43320
Indicators of Compromise
- Kernel oops or panic entries in dmesg referencing drm/amd/display or DSC function pointers on systems using eDP panels.
- Unexpected display blackouts or session terminations correlated with modeset operations on AMD GPUs.
- journalctl -k traces showing null pointer dereference at addresses within the amdgpu module during DSC configuration.
Detection Strategies
- Inventory running kernel versions across the fleet and flag hosts on Linux 6.12 or any 7.0 release candidate from rc1 to rc7 with AMD GPUs.
- Monitor kernel crash telemetry from kdump, systemd-coredump, or vendor crash reporters for stack traces involving the AMD display driver.
- Correlate display subsystem faults with user sessions performing display reconfiguration on laptops with eDP panels.
Monitoring Recommendations
- Forward dmesg and /var/log/kern.log to a centralized logging backend and alert on kernel oops events referencing amdgpu or dc_dsc.
- Track package and kernel update compliance to ensure patched stable releases are deployed.
- Watch for repeated DRM-related crashes on the same host as a signal of consistent local triggering.
How to Mitigate CVE-2026-43320
Immediate Actions Required
- Update to a stable Linux kernel release containing one of the fix commits: 0481be9f, 11718976, 878a4b73, or c10fe947.
- For systems unable to update immediately, restrict local access to untrusted users on machines with AMD GPUs and eDP panels.
- Prioritize patching on laptops and workstations where eDP-attached panels are the primary display.
Patch Information
The fix has been merged in the upstream stable kernel tree. The relevant commits add a function hook check before the hook is invoked in the DSC eDP code path. References:
- Kernel Git Commit 0481be9
- Kernel Git Commit 11718976
- Kernel Git Commit 878a4b7
- Kernel Git Commit c10fe94
Apply the stable kernel update through your distribution's package manager once the patched kernel is available in the repository.
Workarounds
- Disable DSC on affected eDP outputs where the option is exposed via kernel parameters or driver tunables, accepting reduced bandwidth efficiency on high-resolution panels.
- Limit user accounts permitted to perform DRM modeset operations on affected hosts until the patched kernel is installed.
- Where feasible, use an external DisplayPort or HDMI output instead of the eDP panel to avoid the affected code path.
# Verify current kernel version and check for the patched release
uname -r
# Debian/Ubuntu: install the latest stable kernel
sudo apt update && sudo apt install --only-upgrade linux-image-generic
# Fedora/RHEL: update the kernel package
sudo dnf update kernel
# Reboot to apply the patched kernel
sudo systemctl reboot
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
