CVE-2026-43195
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate user queue size constraints
Add validation to ensure user queue sizes meet hardware requirements:
- Size must be a power of two for efficient ring buffer wrapping
- Size must be at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations
This prevents invalid configurations that could lead to GPU faults or unexpected behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing validation in the Linux kernel's AMDGPU driver allows user queues with invalid sizes, potentially causing GPU faults or unexpected behavior.
Vulnerability Overview
CVE-2026-43195 is a vulnerability in the Linux kernel's AMDGPU Direct Rendering Manager (drm) driver. The issue arises from a lack of validation for user queue sizes. The kernel now adds checks to ensure that the queue size is a power of two, which is necessary for efficient ring buffer wrapping, and that it is at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations [1][2][3].
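An added example (not the kernel patch or the driver's code) of the two checks described above, with a comparison showing why a mask-based ring wrap needs a power-of-two size. `GPU_PAGE_SIZE` is assumed to be 4096 bytes; the function names and sample sizes are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4 KiB, standing in for AMDGPU_GPU_PAGE_SIZE. */
#define GPU_PAGE_SIZE 4096u

/* The two constraints from the description: power of two, at least one GPU page. */
static bool queue_size_valid(uint64_t size)
{
    bool pow2 = size != 0 && (size & (size - 1)) == 0;
    return pow2 && size >= GPU_PAGE_SIZE;
}

/* Ring offset wrap done with a mask; only correct when size is a power of two. */
static uint64_t wrap_mask(uint64_t pos, uint64_t size) { return pos & (size - 1); }

/* Reference wrap that is correct for any non-zero size. */
static uint64_t wrap_mod(uint64_t pos, uint64_t size) { return pos % size; }

/* Count positions in [0, span) where the masked wrap disagrees with true modulo. */
static uint64_t wrap_mismatches(uint64_t size, uint64_t span)
{
    uint64_t bad = 0;
    for (uint64_t pos = 0; pos < span; pos++)
        if (wrap_mask(pos, size) != wrap_mod(pos, size))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample sizes, not taken from the advisory. */
    const uint64_t sizes[] = { 0, 256, 4096, 6144, 8192, 12288 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint64_t s = sizes[i];
        printf("size=%6llu valid=%d mask/mod mismatches over 2*size: %llu\n",
               (unsigned long long)s, queue_size_valid(s),
               s ? (unsigned long long)wrap_mismatches(s, 2 * s) : 0ull);
    }
    return 0;
}
```

A size such as 6144 passes a bare minimum-size check yet maps ring positions to the wrong offsets under a masked wrap, which is why both conditions are checked together.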
Exploitation Conditions
An attacker with the ability to submit user queue creation requests to the AMDGPU driver could exploit this vulnerability. No special privileges beyond local user access to the GPU device are required. By providing a queue size that is not a power of two or is too small, the attacker can trigger a GPU fault or other unexpected behavior in the kernel driver [1][2][3].
Impact
Successful exploitation could lead to a denial of service (GPU fault) or potentially other undefined behavior in the GPU subsystem. The CVSS v3 base score is 5.5 (Medium), indicating a moderate severity with a requirement for local access and some user interaction [1][2][3].
Mitigation
The fix has been applied to the Linux kernel stable tree. Users should update to a kernel version containing the commit that adds the size validation checks. No workarounds are mentioned, but restricting local access to the GPU device can reduce the attack surface [1][2][3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 3
News mentions: 1
- Patch Tuesday - May 2026 (Rapid7 Blog · May 13, 2026)