CVE-2026-46311 PUBLISHED

drm/amdgpu/userq: fix access to stale wptr mapping

Assigner: Linux
Reserved: 13.05.2026 Published: 08.06.2026 Updated: 14.06.2026

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: fix access to stale wptr mapping

Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly.

This fixes the security issue of unmap the wptr_obj while a queue creation is in progress and passing other bo at same address.

(cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 5fb2f7fc21a3668e5794cc0d153641b9719713e1 to 336a9186f3a4b65bbd865d93936605ac8a1a3991 (excl.)
  • affected from 5fb2f7fc21a3668e5794cc0d153641b9719713e1 to 6da7b1242da4455b11c24ce667d1cab1a348c8ea (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.16 is affected
  • unaffected from 0 to 6.16 (excl.)
  • unaffected from 7.0.9 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References