Zero Day MonitorZDM

← Back to list

—

CVE-2026-43337EXPLOITEDPATCHED

amd · amd display

drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()

Description

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.21/6.19.11. Affected by this vulnerability is the function dcn401_init_hw. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-43337. The attack must originate from the local network. It is recommended to upgrade the affected component.

Affected Products

Vendor	Product	Versions
amd	amd display	ca0fb243c3bb53dbbd71d16c76f319bf923ee3d4, ca0fb243c3bb53dbbd71d16c76f319bf923ee3d4, ca0fb243c3bb53dbbd71d16c76f319bf923ee3d4, e13689793b9c0e7b5749954e77f5f85e68fe7138, 6.12, 6.18.21, 6.19.11

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source linux kernel	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories9h ago

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-43337 | Linux Kernel up to 6.18.21/6.19.11 dcn401_init_hw null pointer dereference

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10c13c111d0d7f8e101c742feff264fc98e3f9f72d4a6f0702c5211e0be8b688c5fc24f082ec74d6e927b36ae18b66b49219eaa9f46edc7b4fdbb25e06.18.226.19.127.0

PublishedMay 8, 2026

Last enriched3d agov2

Trending Score58

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-43318EXP

drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

CRITICALCVE-2026-43444EXP

drm/amdkfd: Unreserve bo if queue update failed

NONECVE-2025-71294EXP

drm/amdgpu: fix NULL pointer issue buffer funcs

HIGHCVE-2026-31766

drm/amdgpu: validate doorbell_offset in user queue creation

NONECVE-2026-31628

x86/CPU: Fix FPDSS on Zen1

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 8, 2026

Discovered by ZDM

May 8, 2026

Actively Exploited

May 8, 2026

Patch Available

May 8, 2026

Updated: description, affectedVersions, severity, activelyExploited

May 8, 2026

Version History

v2

Last enriched 3d ago

v2Tier C3d ago

Updated severity to CRITICAL, added affected versions 6.18.21 and 6.19.11, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v13d ago

Initial creation