Description
In the Linux kernel, the following vulnerability has been resolved:

drm: Account property blob allocations to memcg

DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized
property blobs backed by kernel memory.

Currently, the blob data allocation is not accounted to the allocating
process's memory cgroup, allowing unprivileged users to trigger unbounded
kernel memory consumption and potentially cause system-wide OOM.

Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory
is properly charged to the caller's memcg. This ensures existing cgroup
memory limits apply and prevents uncontrolled kernel memory growth without
introducing additional policy or per-file limits.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the DRM subsystem of the Linux kernel allows a local user to request a property blob of arbitrary size through the DRM_IOCTL_MODE_CREATEPROPBLOB ioctl. The kernel fails to account the allocated memory for the caller’s memory cgroup, so the memory is not limited by any cgroup quota. An attacker can therefore consume an unbounded amount of kernel memory, which can trigger a system‑wide out‑of‑memory condition and bring the host to a halt. This represents a strong denial‑of‑service risk to the entire system.

Affected Systems

Affected version information is not available; the vulnerability is documented for Linux:Linux but specific kernel releases that require the fix cannot be identified at this time.

Risk and Exploitability

Based on the description, it is inferred that the attack requires only local access and the ability to invoke the ioctl. Because the allocation is unbounded and not restricted by any cgroup limits, an unprivileged user can potentially exhaust kernel memory. The CVSS score of 5.5 indicates moderate severity. The EPSS score is < 1% and the vulnerability is not listed in the KEV catalog, but the potential impact is high and the likelihood of exploitation is low on systems that expose the DRM subsystem.

Generated by OpenCVE AI on May 15, 2026 at 21:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the patch which marks property blob allocations with GFP_KERNEL_ACCOUNT so they are charged to the caller’s memcg
  • If an immediate kernel update is not possible, restrict execution of DRM_IOCTL_MODE_CREATEPROPBLOB by applying system‑level controls such as seccomp rules or disabling the DRM subsystem for untrusted users
  • Enforce appropriate memory cgroup quotas and monitor kernel memory usage to detect and prevent excessive allocation attempts

Generated by OpenCVE AI on May 15, 2026 at 21:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Fri, 15 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-221

Fri, 15 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 08 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-221

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits.
Title drm: Account property blob allocations to memcg
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:38.413Z

Reserved: 2026-05-01T14:12:55.999Z

Link: CVE-2026-43287

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:35.600

Modified: 2026-05-15T16:48:02.090

Link: CVE-2026-43287

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43287 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T21:45:09Z

Weaknesses