CVE-2026-43318
Received Received - Intake
Race Condition in AMDGPU DMA-BUF Sync Handling

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will need to update its page table. The commit fixes a synchronisation bug caused by the use of the ticket: it made amdgpu_vm_handle_moved behave as if updating the page table immediately was correct but in this case it's not. An example is the following scenario, with 2 GPUs and glxgears running on GPU0 and Xorg running on GPU1, on a system where P2P PCI isn't supported: glxgears: export linear buffer from GPU0 and import using GPU1 submit frame rendering to GPU0 submit tiled->linear blit Xorg: copy of linear buffer The sequence of jobs would be: drm_sched_job_run # GPU0, frame rendering drm_sched_job_queue # GPU0, blit drm_sched_job_done # GPU0, frame rendering drm_sched_job_run # GPU0, blit move linear buffer for GPU1 access # amdgpu_dma_buf_move_notify -> update pt # GPU0 It this point the blit job on GPU0 is still running and would likely produce a page fault.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43318
EUVD
EUVD-2026-28602
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amdgpu linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's amdgpu driver, specifically in the handling of synchronization when moving dma buffers (dmabuf) shared between processes. When one process moves a buffer object (BO), it must notify other processes using that shared BO to update their page tables accordingly. The bug was caused by incorrect synchronization that made the system behave as if the page table update happened immediately, which is not always correct.

In a scenario involving two GPUs and applications like glxgears and Xorg running on different GPUs without peer-to-peer PCI support, the sequence of GPU jobs can lead to a situation where a blit job is still running on GPU0 while the buffer is being moved and page tables updated. This can cause a page fault due to the premature update.


How can this vulnerability impact me? :

This vulnerability can cause synchronization issues when multiple processes share and move buffer objects across GPUs. Specifically, it can lead to page faults during GPU operations, which may cause application crashes or instability in graphics rendering.

Such faults could degrade system performance or reliability, especially in environments relying on multi-GPU setups and shared buffers for graphics workloads.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart