CVE-2026-43398

May 8, 2026, 3:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM. v2: squash in Srini's fix (cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)

Product(s) Impacted

Vendor Product Versions
Linux
  • Kernel
  • *
Amdgpu
  • Driver
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux kernel / / / / / / / /
a amdgpu driver / / / / / / / /

References

https://git.kernel.org/stable/c/3cd93bc695b3456f26f5ed52753d9071da26202a
https://git.kernel.org/stable/c/64ac7c09fc44985ec9bb6a9db740899fa40ca613
https://git.kernel.org/stable/c/b1d10508da559da2e0ca9cca6505094a7df948e1

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-05-08
CVE-2026-43398

Timeline

Published: May 8, 2026, 3:16 p.m.
Last Modified: May 8, 2026, 3:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.