CVE-2026-43398 PUBLISHED

drm/amdgpu: add upper bound check on user inputs in wait ioctl

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 09.05.2026

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add upper bound check on user inputs in wait ioctl

Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited.

So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM.

v2: squash in Srini's fix

(cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from a292fdecd72834b3bec380baa5db1e69e7f70679 to b1d10508da559da2e0ca9cca6505094a7df948e1 (excl.)
  • affected from a292fdecd72834b3bec380baa5db1e69e7f70679 to 3cd93bc695b3456f26f5ed52753d9071da26202a (excl.)
  • affected from a292fdecd72834b3bec380baa5db1e69e7f70679 to 64ac7c09fc44985ec9bb6a9db740899fa40ca613 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.16 is affected
  • unaffected from 0 to 6.16 (excl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References