{"api_version":"1","generated_at":"2026-05-11T20:55:14+00:00","cve":"CVE-2026-43294","urls":{"html":"https://cve.report/CVE-2026-43294","api":"https://cve.report/api/cve/CVE-2026-43294.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43294","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43294"},"summary":{"title":"drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels\n\nSince commit 56de5e305d4b (\"clk: renesas: r9a07g044: Add MSTOP for RZ/G2L\")\nwe may get the following kernel panic, for some panels, when rebooting:\n\n  systemd-shutdown[1]: Rebooting.\n  Call trace:\n   ...\n   do_serror+0x28/0x68\n   el1h_64_error_handler+0x34/0x50\n   el1h_64_error+0x6c/0x70\n   rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P)\n   mipi_dsi_device_transfer+0x44/0x58\n   mipi_dsi_dcs_set_display_off_multi+0x9c/0xc4\n   ili9881c_unprepare+0x38/0x88\n   drm_panel_unprepare+0xbc/0x108\n\nThis happens for panels that need to send MIPI-DSI commands in their\nunprepare() callback. Since the MIPI-DSI interface is stopped at that\npoint, rzg2l_mipi_dsi_host_transfer() triggers the kernel panic.\n\nFix by moving rzg2l_mipi_dsi_stop() to new callback function\nrzg2l_mipi_dsi_atomic_post_disable().\n\nWith this change we now have the correct power-down/stop sequence:\n\n  systemd-shutdown[1]: Rebooting.\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_disable(): entry\n  ili9881c-dsi 10850000.dsi.0: ili9881c_unprepare(): entry\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_post_disable(): entry\n  reboot: Restarting system","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-08 14:16:36","updated_at":"2026-05-08 14:16:36"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/79f42487ed60d0d5ffce97c3bb98f80c3d17735a","name":"https://git.kernel.org/stable/c/79f42487ed60d0d5ffce97c3bb98f80c3d17735a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/64aa8b3a60a825134f7d866adf05c024bbe0c24c","name":"https://git.kernel.org/stable/c/64aa8b3a60a825134f7d866adf05c024bbe0c24c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/41cda667ffc5074c56279c632b0c20024da6ecdd","name":"https://git.kernel.org/stable/c/41cda667ffc5074c56279c632b0c20024da6ecdd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43294","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43294","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 79f42487ed60d0d5ffce97c3bb98f80c3d17735a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 41cda667ffc5074c56279c632b0c20024da6ecdd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 64aa8b3a60a825134f7d866adf05c024bbe0c24c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.16 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.6 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"43294","cve":"CVE-2026-43294","epss":"0.000170000","percentile":"0.041380000","score_date":"2026-05-10","updated_at":"2026-05-11 00:14:41"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"79f42487ed60d0d5ffce97c3bb98f80c3d17735a","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"41cda667ffc5074c56279c632b0c20024da6ecdd","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"64aa8b3a60a825134f7d866adf05c024bbe0c24c","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.16","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.6","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.16","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels\n\nSince commit 56de5e305d4b (\"clk: renesas: r9a07g044: Add MSTOP for RZ/G2L\")\nwe may get the following kernel panic, for some panels, when rebooting:\n\n  systemd-shutdown[1]: Rebooting.\n  Call trace:\n   ...\n   do_serror+0x28/0x68\n   el1h_64_error_handler+0x34/0x50\n   el1h_64_error+0x6c/0x70\n   rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P)\n   mipi_dsi_device_transfer+0x44/0x58\n   mipi_dsi_dcs_set_display_off_multi+0x9c/0xc4\n   ili9881c_unprepare+0x38/0x88\n   drm_panel_unprepare+0xbc/0x108\n\nThis happens for panels that need to send MIPI-DSI commands in their\nunprepare() callback. Since the MIPI-DSI interface is stopped at that\npoint, rzg2l_mipi_dsi_host_transfer() triggers the kernel panic.\n\nFix by moving rzg2l_mipi_dsi_stop() to new callback function\nrzg2l_mipi_dsi_atomic_post_disable().\n\nWith this change we now have the correct power-down/stop sequence:\n\n  systemd-shutdown[1]: Rebooting.\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_disable(): entry\n  ili9881c-dsi 10850000.dsi.0: ili9881c_unprepare(): entry\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_post_disable(): entry\n  reboot: Restarting system"}],"providerMetadata":{"dateUpdated":"2026-05-08T13:11:17.483Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/79f42487ed60d0d5ffce97c3bb98f80c3d17735a"},{"url":"https://git.kernel.org/stable/c/41cda667ffc5074c56279c632b0c20024da6ecdd"},{"url":"https://git.kernel.org/stable/c/64aa8b3a60a825134f7d866adf05c024bbe0c24c"}],"title":"drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43294","datePublished":"2026-05-08T13:11:17.483Z","dateReserved":"2026-05-01T14:12:55.999Z","dateUpdated":"2026-05-08T13:11:17.483Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-08 14:16:36","lastModifiedDate":"2026-05-08 14:16:36","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43294","Ordinal":"1","Title":"drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting f","CVE":"CVE-2026-43294","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43294","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels\n\nSince commit 56de5e305d4b (\"clk: renesas: r9a07g044: Add MSTOP for RZ/G2L\")\nwe may get the following kernel panic, for some panels, when rebooting:\n\n  systemd-shutdown[1]: Rebooting.\n  Call trace:\n   ...\n   do_serror+0x28/0x68\n   el1h_64_error_handler+0x34/0x50\n   el1h_64_error+0x6c/0x70\n   rzg2l_mipi_dsi_host_transfer+0x114/0x458 (P)\n   mipi_dsi_device_transfer+0x44/0x58\n   mipi_dsi_dcs_set_display_off_multi+0x9c/0xc4\n   ili9881c_unprepare+0x38/0x88\n   drm_panel_unprepare+0xbc/0x108\n\nThis happens for panels that need to send MIPI-DSI commands in their\nunprepare() callback. Since the MIPI-DSI interface is stopped at that\npoint, rzg2l_mipi_dsi_host_transfer() triggers the kernel panic.\n\nFix by moving rzg2l_mipi_dsi_stop() to new callback function\nrzg2l_mipi_dsi_atomic_post_disable().\n\nWith this change we now have the correct power-down/stop sequence:\n\n  systemd-shutdown[1]: Rebooting.\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_disable(): entry\n  ili9881c-dsi 10850000.dsi.0: ili9881c_unprepare(): entry\n  rzg2l-mipi-dsi 10850000.dsi: rzg2l_mipi_dsi_atomic_post_disable(): entry\n  reboot: Restarting system","Type":"Description","Title":"drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting f"}]}}}