CVE-2026-46311
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/userq: fix access to stale wptr mapping
Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly.
This fixes the security issue of unmap the wptr_obj while a queue creation is in progress and passing other bo at same address.
(cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5fb2f7fc21a3668e5794cc0d153641b9719713e1 < 336a9186f3a4b65bbd865d93936605ac8a1a3991 | affected |
| Linux | Linux | 5fb2f7fc21a3668e5794cc0d153641b9719713e1 < 6da7b1242da4455b11c24ce667d1cab1a348c8ea | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 7.0.9 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/336a9186f3a4b65bbd865d93936605ac8a1a3991
- https://git.kernel.org/stable/c/6da7b1242da4455b11c24ce667d1cab1a348c8ea
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.