CVE-2026-43398

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add upper bound check on user inputs in wait ioctl

Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited.

So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM.

v2: squash in Srini's fix

(cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa292fdecd72834b3bec380baa5db1e69e7f70679 < b1d10508da559da2e0ca9cca6505094a7df948e1affected
LinuxLinuxa292fdecd72834b3bec380baa5db1e69e7f70679 < 3cd93bc695b3456f26f5ed52753d9071da26202aaffected
LinuxLinuxa292fdecd72834b3bec380baa5db1e69e7f70679 < 64ac7c09fc44985ec9bb6a9db740899fa40ca613affected
LinuxLinux6.16affected
LinuxLinux0 < 6.16unaffected
LinuxLinux6.18.19 <= 6.18.*unaffected
LinuxLinux6.19.9 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References