CVE-2026-43195 - Vulnerability Details

- drm/amdgpu: validate user queue size constraints

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: validate user queue size constraints

Add validation to ensure user queue sizes meet hardware requirements:
- Size must be a power of two for efficient ring buffer wrapping
- Size must be at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations

This prevents invalid configurations that could lead to GPU faults or
unexpected behavior.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel previously lacked validation for AMDGPU user queue sizes. Without checks, a queue size not being a power of two or smaller than AMDGPU_GPU_PAGE_SIZE could cause GPU faults or unpredictable behavior, potentially crashing GPU-dependent processes.

Affected Systems

The vulnerability affects Linux kernel builds that include the AMDGPU driver module. Exact kernel versions are unspecified, but any kernel lacking the recent validation change is vulnerable.

Risk and Exploitability

No CVSS or EPSS score is available, and the vulnerability is not listed in CISA KEV. The flaw is a kernel-level defect that could be exploited by an attacker with local or privileged access to trigger GPU faults, resulting in a denial of service for applications using the GPU. The lack of a publicly documented attack vector means the risk is primarily tied to local exploitation scenarios.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< cf2a37be899dc1b01f53bf1d0157330eaf3e3f55
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9f6cc309cd15922fe58cab2dfa1b5993ad31dec7
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 8079b87c02e531cc91601f72ea8336dd2262fdf1

Linux

affected

Version	Status	Constraints
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,cf2a37be899dc1b01f53bf1d0157330eaf3e3f55)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9f6cc309cd15922fe58cab2dfa1b5993ad31dec7)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,8079b87c02e531cc91601f72ea8336dd2262fdf1)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the AMDGPU queue size validation fix.
Ensure the kernel upgrade is accompanied by the corresponding updated AMDGPU driver modules.
Verify that no legacy kernel modules referencing unsupported queue sizes remain loaded.

Generated by OpenCVE AI on May 6, 2026 at 14:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/8079b87c02e531cc91601f72ea8336dd2262fdf1
https://git.kernel.org/stable/c/9f6cc309cd15922fe58cab2dfa1b5993ad31dec7
https://git.kernel.org/stable/c/cf2a37be899dc1b01f53bf1d0157330eaf3e3f55

History

Wed, 06 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPU_GPU_PAGE_SIZE to prevent undersized allocations This prevents invalid configurations that could lead to GPU faults or unexpected behavior.
Title		drm/amdgpu: validate user queue size constraints
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/8079b87c02e531cc91601f72ea8336dd2262fdf1 https://git.kernel.org/stable/c/9f6cc309cd15922fe58cab2dfa1b5993ad31dec7 https://git.kernel.org/stable/c/cf2a37be899dc1b01f53bf1d0157330eaf3e3f55

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:03.437Z

Updated: 2026-05-06T11:28:03.437Z

Reserved: 2026-05-01T14:12:55.992Z

Link: CVE-2026-43195

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:38.487

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43195

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:15:08Z

Weaknesses

CWE-20

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object