1. Home
  2. Vulnerabilities
  3. CVE-2026-43381
0.0
NA
CVE-2026-43381
nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024 RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] This is a simple fix to get backported. We should probably engineer a proper power domain solution to wake up devices and keep them awake while fw updates are happening.

Details
INFO

Published Date :

May 8, 2026, 3:16 p.m.

Last Modified :

May 8, 2026, 3:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-43381 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Update the Linux kernel driver to handle device sleep states correctly.
  • Apply the kernel patch for nouveau/dpcd.
  • Backport the fix to affected kernel versions.
  • Consider a power domain solution for device wake-up.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-43381.

URL Resource
https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf
https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5
https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69
https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01
https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4
https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3
https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c
https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-43381 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-43381 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-43381 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-43381 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm_dp_* then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024 RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau] This is a simple fix to get backported. We should probably engineer a proper power domain solution to wake up devices and keep them awake while fw updates are happening.
    Added Reference https://git.kernel.org/stable/c/178df7c91e6c202579284df9f79d1592a514cdcf
    Added Reference https://git.kernel.org/stable/c/24639553a016578222ac597db924dfb6fa5ec8b5
    Added Reference https://git.kernel.org/stable/c/4df518aa196085909fd7e32518ecd27fba60ed69
    Added Reference https://git.kernel.org/stable/c/6bdd2d70c338d52c387d3b3aadc596784ae81b01
    Added Reference https://git.kernel.org/stable/c/8f3c6f08ababad2e3bdd239728cf66a9949446b4
    Added Reference https://git.kernel.org/stable/c/ad8fa5bff53f5d1f8394f996850da8ce070eaee3
    Added Reference https://git.kernel.org/stable/c/cd24cab2023aa46b595bc6b9cc39d8973d9d0a8c
    Added Reference https://git.kernel.org/stable/c/fad178ae894930520519ead3c8e0150641466360
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.