Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: validate user queue size constraints

Add validation to ensure user queue sizes meet hardware requirements:
- Size must be a power of two for efficient ring buffer wrapping
- Size must be at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations

This prevents invalid configurations that could lead to GPU faults or
unexpected behavior.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel previously did not validate AMDGPU user queue sizes, allowing sizes that were not powers of two or smaller than AMDGPU_GPU_PAGE_SIZE. Such misconfigurations can trigger GPU faults or cause unforeseen device behavior, disrupting processes that depend on GPU operations.

Affected Systems

The flaw affects Linux kernel builds that include the AMDGPU driver. Any kernel lacking the recent validation commit is vulnerable; the exact kernel release is not specified in the data.

Risk and Exploitability

CVSS score of 5.5 and EPSS score of < 1% are provided, and the vulnerability is not listed in CISA KEV. The description does not establish an explicit attack vector; it is inferred that exploitation requires local or privileged access to configure queue sizes at the kernel level. Consequently, the risk is primarily local unless a remote configuration pathway is discovered.

Generated by OpenCVE AI on May 11, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to the latest revision that includes the AMDGPU queue size validation patch.
  • Update AMDGPU driver modules to the most recent stable release that incorporates the validation.
  • Blacklist legacy AMDGPU modules that lack the validation to prevent them from being loaded.

Generated by OpenCVE AI on May 11, 2026 at 22:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References

Wed, 06 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations This prevents invalid configurations that could lead to GPU faults or unexpected behavior.
Title drm/amdgpu: validate user queue size constraints
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:41.010Z

Reserved: 2026-05-01T14:12:55.992Z

Link: CVE-2026-43195

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:38.487

Modified: 2026-05-11T20:21:56.267

Link: CVE-2026-43195

cve-icon Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43195 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:00:19Z

Weaknesses