CVE-2026-43398
Memory Corruption in AMDGPU Linux Kernel Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | amdgpu | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's amdgpu driver, specifically in the drm/amdgpu component. It involves the wait ioctl function where user inputs are not properly bounded. Large input values passed to the amdgpu_userq_wait_ioctl function can cause an out-of-memory (OOM) condition.
The issue was fixed by adding an upper bound check on user inputs against a defined maximum value (AMDGPU_USERQ_MAX_HANDLES), which is sufficiently large for legitimate use cases but prevents excessive values that could lead to OOM.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the system to run out of memory (OOM) due to processing huge input values in the amdgpu_userq_wait_ioctl function. This could lead to system instability, crashes, or denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that adds an upper bound check on user inputs in the amdgpu wait ioctl.
Specifically, the fix checks input values against AMDGPU_USERQ_MAX_HANDLES to prevent huge input values that could lead to an out-of-memory (OOM) condition.
Therefore, updating your kernel to a version that contains the commit fcec012c664247531aed3e662f4280ff804d1476 or later will mitigate this issue.