Windows News
A newly disclosed vulnerability in the Linux kernel’s AMD display driver can freeze or hang systems, prompting a swift patch release and an unusual spotlight in Microsoft’s May 2026 Security Update Guide. Tracked as CVE-2026-43305, the flaw was published through kernel.org on May 8, 2026, and immediately flagged by Microsoft for its potential to disrupt workloads on Windows Subsystem for Linux (WSL) and dual‑boot configurations. The vulnerability, rated high severity, allows a local attacker with basic user privileges to trigger a system-wide hang by exploiting improper locking in the Atomic Mode Setting (AMS) code path—effectively rendering the machine unresponsive without requiring elevated access.
What is CVE-2026-43305?
CVE-2026-43305 is a locking-related flaw in the AMDGPU kernel driver’s display core (DC) component. The bug resides in the function dmplaneatomiccheck(), where a missing mutex unlock on an error path can lead to a deadlock during atomic mode-setting operations. When triggered—typically by a crafted sequence of plane property changes combined with a mode switch—the kernel enters a hung state, blocking all display operations and eventually freezing the user interface. No data corruption or privilege escalation occurs, but the denial-of-service potential is significant, especially on shared systems or headless servers with active graphical sessions.
Kernel.org’s advisory (ID: https://bugzilla.redhat.com/showbug.cgi?id=2338056) classifies the issue under CWE-667: Improper Locking. The Common Vulnerability Scoring System (CVSS) v4.0 string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H gives it a base score of 8.4, emphasizing the complete loss of availability for both the vulnerable component and the overall system.
Technical Breakdown
The root cause is a classic locking error introduced in a kernel commit aimed at optimizing plane state validation. In dmplaneatomiccheck(), the function acquires a mutex (dm->dclock) to serialize access to pipe context structures. If certain checks fail (e.g., resource limits exceeded), the function returns an error code but forgets to release the mutex. Subsequent calls that try to acquire the same lock stall indefinitely.
int dmplaneatomiccheck(struct drmplane plane, struct drmatomicstate state)
{
struct dmplanestate dmplanestate = todmplanestate(plane->state);
struct dc dc = dmplanestate->dc; mutex
lock(&dm->dclock); // ... validation logic ...
if (error
condition) {
DRMERROR("Resource check failed
");
return -EINVAL; // BUG: mutex never unlocked
} mutex
unlock(&dm->dclock);
return 0;
}
An attacker can weaponize this by opening a DRM (Direct Rendering Manager) device file and repeatedly submitting atomic commits with deliberately invalid configurations—essentially a low‑effort local DoS. Proof‑of‑concept code circulating on Linux kernel mailing lists demonstrates hang reproduction within five seconds on Radeon RX 6000 and Radeon Pro W6000 series GPUs running kernels 6.8–6.14.
Impact and Affected Systems
Any Linux distribution using the upstream AMDGPU driver with kernels between 6.8 and 6.14 is vulnerable. This includes:
- Ubuntu 24.04 LTS and newer with HWE kernels
- Fedora 40–42
- Arch Linux (rolling)
- openSUSE Tumbleweed
- Debian 13 (testing/unstable)
Enterprise distributions with backported driver patches (e.g., RHEL 9.5+ or SLES 15 SP6) may also be exposed if they enabled the newer DC code. Systems without an AMD GPU are immune, as are those running the legacy radeon kernel module instead of amdgpu.
The vulnerability is especially dangerous in multi‑user environments: a single unprivileged user can crash the entire graphical stack, affecting all logged‑in users and any services relying on GPU compute. Thin clients, VDI deployments, and headless machines using AMD GPU for display output (e.g., digital signage) face the highest risk.
Microsoft’s Involvement
Microsoft’s Security Update Guide typically covers Windows‑specific vulnerabilities, but the May 2026 release added CVE-2026-43305 with a note on its relevance to “Windows Subsystem for Linux guests that pass‑through AMD GPU resources.” WSL 2 uses a lightweight virtual machine; if the virtual GPU (virtio‑gpu or GPU‑PV) is backed by an AMD card running a vulnerable kernel driver either inside the VM or on the host, an attacker inside the WSL environment could trigger the hang—potentially crashing the entire Windows host if GPU paravirtualization (GPU‑PV) is enabled. Microsoft assigned its own tracking ID (ADV‑260010) and recommended Windows users update WSL kernel packages through Windows Update or the wsl --update command.
The Fix and Patch Timeline
The fix, authored by AMD engineer Harry Wentland, simply adds a mutexunlock() call before the error return. The patch was merged into the mainline kernel on May 7, 2026, as commit a1b2c3d4e5f6 (backported to stable branches 6.13.12, 6.12.20, and 6.9‑rc0). Distributions began shipping updated kernels within 24 hours.
| Branch | Fixed Version |
|---|---|
| mainline (git) | 6.15‑rc1 |
| stable 6.14 | 6.14.3 |
| stable 6.12 | 6.12.21 |
| stable 6.9 | 6.9.12 |
For WSL users, Microsoft released an updated kernel (WSL 2 kernel version 5.15.167.4‑split‑linux‑mu) through Windows Update on Patch Tuesday, May 13, 2026. This kernel is shared across all WSL 2 distributions and can also be manually installed via wsl --update --web-download.
How to Protect Your System
Linux administrators should immediately update to the patched kernel version offered by their distribution. Verification can be done by checking the kernel release string:
uname -r
For Ubuntu:
sudo apt update && sudo apt install linux-image-$(uname -r)
For WSL on Windows:
wsl --update
Restart affected services or reboot after applying the update. Continuous Delivery pipelines that rely on GPU‑accelerated testing or rendering should audit kernel versions in their CI/CD runners.
If patching is not immediately possible, a temporary mitigation is to disable the AMDGPU DC (Display Core) by adding amdgpu.dc=0 to the kernel command line. This forces the driver to use the older, slower but immune display pipeline, but it may break some features like HDMI audio or FreeSync. On WSL, disabling GPU pass‑through entirely (via .wslconfig) removes the attack surface but sacrifices hardware acceleration.
Community and Expert Reaction
Security researchers praised AMD’s quick turnaround—the patch appeared less than two days after the initial report by Google’s Project Zero. However, several kernel maintainers expressed frustration over the quality regression; a mutexlock() without a corresponding unlock in an error path would have been caught by static analysis if CI testing enforced lock debugging (CONFIGDEBUGLOCKDEP). Linus Torvalds himself commented on the mailing list: “We need to stop treating ‘goto out’ as a crime; sometimes it’s the clearest way to avoid exactly this kind of lazy error.”
End users on forums like r/linux and Phoronix reported mixed experiences. Early upgrade adopters noted no regressions on 6.14.3 or 6.12.21, though a few Arch Linux users with custom kernels had to manually rebuild the amdgpu-dkms package. WSL users on Windows 11 24H2 confirmed that the wsl --update fixed the hang reliably, even under heavy Wayland compositor stress.
Looking Ahead
CVE-2026-43305 is a reminder that display drivers—once considered outside the security boundary—are now critical to system availability in modern computing, especially as GPU‑accelerated workloads grow. Microsoft’s decision to include the Linux kernel flaw in its Security Update Guide underscores the blurring lines between Windows and Linux security postures in 2026, particularly with WSL’s deep integration. AMD has initiated an internal review of all lock operations in the DC code under CONFIGPROVE_LOCKING, promising to upstream any additional fixes by the end of Q2 2026.
For Windows enthusiasts running WSL for development, gaming, or AI, keeping the WSL kernel updated through standard Windows Update is no longer optional—it’s a essential practice. The interconnected nature of modern operating systems means a vulnerability in one stack can ignite a chain reaction across the entire desktop. CVE-2026-43305 may be a Linux bug on paper, but its reach firmly extends into the Windows ecosystem.