CVE-2026-43206

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()

The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < 3e04bc310d80b46eaf481f1fefcbcb37a187412daffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781faffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < b4034442cb090e4a980bdcc1540948606cbc951baffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940affected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < 75fb57efdd7863fffbc39db23e9cad7aafda26edaffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < bfcd6b53e1f4feb182952f4ff9a137c36ceaf20baffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < 4e72f419e4ed44cb3b60506752d8688c20a60a9baffected
LinuxLinux0fc8011f89feb8b2c3008583b777d097e1974660 < 8a70a26c9f34baea6c3199a9862ddaff4554a96daffected
LinuxLinux4.17affected
LinuxLinux0 < 4.17unaffected
LinuxLinux5.10.252 <= 5.10.*unaffected
LinuxLinux5.15.202 <= 5.15.*unaffected
LinuxLinux6.1.165 <= 6.1.*unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References