CVE-2026-43302 - Vulnerability Details

- drm/v3d: Set DMA segment size to avoid debug warnings

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Set DMA segment size to avoid debug warnings

When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the
kernel occasionally reports a segment size mismatch. This is because
'max_seg_size' is not set. The kernel defaults to 64K. setting
'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()'
from complaining about the over-mapping of the V3D segment length.

DMA-API: v3d 1002000000.v3d: mapping sg segment longer than device
claims to support [len=8290304] [max=65536]
WARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388
CPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1
Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_dma_map_sg+0x330/0x388
lr : debug_dma_map_sg+0x330/0x388
sp : ffff8000829a3ac0
x29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000
x26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000
x23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002
x20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff
x17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573
x14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000
x11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c
x8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001
x5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280
Call trace:
debug_dma_map_sg+0x330/0x388
__dma_map_sg_attrs+0xc0/0x278
dma_map_sgtable+0x30/0x58
drm_gem_shmem_get_pages_sgt+0xb4/0x140
v3d_bo_create_finish+0x28/0x130 [v3d]
v3d_create_bo_ioctl+0x54/0x180 [v3d]
drm_ioctl_kernel+0xc8/0x140
drm_ioctl+0x2d4/0x4d8

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The V3D DRM driver in the Linux kernel fails to initialize the maximum DMA segment size. When CONFIG_DMA_API_DEBUG is enabled, the driver defaults to 64 KiB and issues verbose debug warnings whenever a buffer larger than this value is mapped. The defect triggers a harmless log entry. Based on the description, it is inferred that the bug does not alter control flow, privilege levels, or data confidentiality, and corresponds to incorrect handling of the size of a DMA segment (CWE-131).

Affected Systems

All Linux kernel builds that load the V3D DRM driver and have CONFIG_DMA_API_DEBUG enabled are impacted. Recent Raspberry Pi 5 systems running kernel 6.12.53‑yocto‑standard and any other releases that have not applied the patch that sets max_seg_size to the device’s true maximum fall into this category.

Risk and Exploitability

Because the issue merely produces debug messages, it does not provide a code‑execution path, data disclosure, or integrity breach. The vulnerability is not listed in CISA KEV, and an EPSS score is not available, indicating no known exploitation. Based on the description, it is inferred that a local user with sufficient privileges to trigger debug output would see the warnings but would not achieve additional compromise. The risk remains negligible for most environments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< 14d0d6c8b4504a60cfeea74775ab2e0164019e65
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< 225023e3619b81af6d8d0e680503fc2d68633023
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< 2663ef70c6123b2232190f917275e5c3175f97d0
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< cf510785f74e74c54de40a43a955b7f844857487
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< 0290934d30abe7c88e18140fd5184c3f386b1e44
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2
`57692c94dcbe99a1e0444409a3da13fb3443562c`	affected	< 9eb018828b1b30dfba689c060735c50fc5b9f704

Linux

affected

Version	Status	Constraints
`4.18`	affected	—
`0`	unaffected	< 4.18
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,14d0d6c8b4504a60cfeea74775ab2e0164019e65)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,225023e3619b81af6d8d0e680503fc2d68633023)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2663ef70c6123b2232190f917275e5c3175f97d0)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,cf510785f74e74c54de40a43a955b7f844857487)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0290934d30abe7c88e18140fd5184c3f386b1e44)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,9eb018828b1b30dfba689c060735c50fc5b9f704)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that incorporates the max_seg_size patch (e.g., any 6.12.x update after the relevant commit).
If a kernel upgrade is not feasible, rebuild the kernel with CONFIG_DMA_API_DEBUG disabled to suppress the debug warnings issued by the unterminated initialization.
Apply the specific patch manually to the kernel source (for example, applying commit 0290934d30abe7c…) which sets max_seg_size to the device’s true maximum, if you require the debug functionality.

Generated by OpenCVE AI on May 9, 2026 at 01:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0290934d30abe7c88e18140fd5184c3f386b1e44
https://git.kernel.org/stable/c/14d0d6c8b4504a60cfeea74775ab2e0164019e65
https://git.kernel.org/stable/c/225023e3619b81af6d8d0e680503fc2d68633023
https://git.kernel.org/stable/c/2663ef70c6123b2232190f917275e5c3175f97d0
https://git.kernel.org/stable/c/9eb018828b1b30dfba689c060735c50fc5b9f704
https://git.kernel.org/stable/c/cf510785f74e74c54de40a43a955b7f844857487
https://git.kernel.org/stable/c/db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2
https://lore.kernel.org/linux-cve-announce/2026050856-CVE-2026-43302-a1f7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43302
https://www.cve.org/CVERecord?id=CVE-2026-43302

History

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-131
References		https://lore.kernel.org/linux-cve-announce/2026050856-CVE-2026-43302-a1f7@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43302 https://www.cve.org/CVERecord?id=CVE-2026-43302

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length. DMA-API: v3d 1002000000.v3d: mapping sg segment longer than device claims to support [len=8290304] [max=65536] WARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388 CPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1 Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : debug_dma_map_sg+0x330/0x388 lr : debug_dma_map_sg+0x330/0x388 sp : ffff8000829a3ac0 x29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000 x26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000 x23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002 x20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff x17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573 x14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000 x11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c x8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001 x5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280 Call trace: debug_dma_map_sg+0x330/0x388 __dma_map_sg_attrs+0xc0/0x278 dma_map_sgtable+0x30/0x58 drm_gem_shmem_get_pages_sgt+0xb4/0x140 v3d_bo_create_finish+0x28/0x130 [v3d] v3d_create_bo_ioctl+0x54/0x180 [v3d] drm_ioctl_kernel+0xc8/0x140 drm_ioctl+0x2d4/0x4d8
Title		drm/v3d: Set DMA segment size to avoid debug warnings
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0290934d30abe7c88e18140fd5184c3f386b1e44 https://git.kernel.org/stable/c/14d0d6c8b4504a60cfeea74775ab2e0164019e65 https://git.kernel.org/stable/c/225023e3619b81af6d8d0e680503fc2d68633023 https://git.kernel.org/stable/c/2663ef70c6123b2232190f917275e5c3175f97d0 https://git.kernel.org/stable/c/9eb018828b1b30dfba689c060735c50fc5b9f704 https://git.kernel.org/stable/c/cf510785f74e74c54de40a43a955b7f844857487 https://git.kernel.org/stable/c/db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:22.886Z

Updated: 2026-05-09T04:10:15.608Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43302

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:37.447

Modified: 2026-05-08T14:16:37.447

Link: CVE-2026-43302

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43302 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses

CWE-131

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object