VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 21, 2026

CVE-2026-43398

CVE-2026-43398

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add upper bound check on user inputs in wait ioctl

Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited.

So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM.

v2: squash in Srini's fix

(cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)

Affected products

3
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.16,<6.18.19
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

1