CVE-2026-43370 - Vulnerability Details

- drm/amdgpu: Fix use-after-free race in VM acquire

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix use-after-free race in VM acquire

Replace non-atomic vm->process_info assignment with cmpxchg()
to prevent race when parent/child processes sharing a drm_file
both try to acquire the same VM after fork().

(cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618)

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel AMDGPU driver, a race exists when two processes share a drm_file and concurrently acquire the same virtual memory object after a fork, causing the vm->process_info field to be freed and then accessed. This use‑after‑free can lead to kernel memory corruption and potentially a denial of service or other security impact, though the CVE description does not document a specific exploit outcome.

Affected Systems

The flaw affects the DRM subsystem of the Linux kernel, specifically the AMDGPU driver, in any kernel version lacking the commit c7c573275ec20db05be769288a3e3bb2250ec618 or later. Any system running such kernels remains vulnerable.

Risk and Exploitability

No CVSS or EPSS metrics are provided and the vulnerability is not listed in CISA KEV. The attack vector appears to be local: an attacker must be able to spawn relevant processes that share a DRM file to trigger the race during VM acquisition. Because no exploitation evidence is reported, the risk is uncertain, but potential kernel corruption could cause system instability or other security impacts.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< ae87aea330c24f462fc7058ed543ba8bc6798447
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< 46d309996bd9251792d7dafdbaf615cf202b4447
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< e61e355cbe49e585097eee28c15b862bfb1c0668
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< c658c1c85ec235b7ecfbf8dbfee385b1332088f4
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< 904025fa8bba1d028adade33346372b4ac1a9249
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< 7885eb335d8f9e9942925d57e300a85e3f82ded4
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< 94b7782d0c8024f5b88454241c8d4777076c3786
`ede0dd86f45adf2b7083bb161f6bc81da5fe2bad`	affected	< 2c1030f2e84885cc58bffef6af67d5b9d2e7098f

Linux

affected

Version	Status	Constraints
`4.17`	affected	—
`0`	unaffected	< 4.17
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ae87aea330c24f462fc7058ed543ba8bc6798447)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,46d309996bd9251792d7dafdbaf615cf202b4447)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e61e355cbe49e585097eee28c15b862bfb1c0668)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c658c1c85ec235b7ecfbf8dbfee385b1332088f4)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,904025fa8bba1d028adade33346372b4ac1a9249)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7885eb335d8f9e9942925d57e300a85e3f82ded4)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,94b7782d0c8024f5b88454241c8d4777076c3786)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2c1030f2e84885cc58bffef6af67d5b9d2e7098f)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.253,5.11.0)`	unaffected	semver	—
`[5.15.203,5.16.0)`	unaffected	semver	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.19,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a Linux kernel that includes commit c7c573275ec20db05be769288a3e3bb2250ec618 or newer.
Reboot the system so the updated kernel and AMDGPU driver are loaded.
If an update is not immediately available, consider disabling the AMDGPU driver or switching to an alternative graphics driver until the patch is applied.

Generated by OpenCVE AI on May 8, 2026 at 19:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2c1030f2e84885cc58bffef6af67d5b9d2e7098f
https://git.kernel.org/stable/c/46d309996bd9251792d7dafdbaf615cf202b4447
https://git.kernel.org/stable/c/7885eb335d8f9e9942925d57e300a85e3f82ded4
https://git.kernel.org/stable/c/904025fa8bba1d028adade33346372b4ac1a9249
https://git.kernel.org/stable/c/94b7782d0c8024f5b88454241c8d4777076c3786
https://git.kernel.org/stable/c/ae87aea330c24f462fc7058ed543ba8bc6798447
https://git.kernel.org/stable/c/c658c1c85ec235b7ecfbf8dbfee385b1332088f4
https://git.kernel.org/stable/c/e61e355cbe49e585097eee28c15b862bfb1c0668
https://lore.kernel.org/linux-cve-announce/2026050829-CVE-2026-43370-4d49@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43370
https://www.cve.org/CVERecord?id=CVE-2026-43370

History

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050829-CVE-2026-43370-4d49@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43370 https://www.cve.org/CVERecord?id=CVE-2026-43370

Fri, 08 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork(). (cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618)
Title		drm/amdgpu: Fix use-after-free race in VM acquire
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2c1030f2e84885cc58bffef6af67d5b9d2e7098f https://git.kernel.org/stable/c/46d309996bd9251792d7dafdbaf615cf202b4447 https://git.kernel.org/stable/c/7885eb335d8f9e9942925d57e300a85e3f82ded4 https://git.kernel.org/stable/c/904025fa8bba1d028adade33346372b4ac1a9249 https://git.kernel.org/stable/c/94b7782d0c8024f5b88454241c8d4777076c3786 https://git.kernel.org/stable/c/ae87aea330c24f462fc7058ed543ba8bc6798447 https://git.kernel.org/stable/c/c658c1c85ec235b7ecfbf8dbfee385b1332088f4 https://git.kernel.org/stable/c/e61e355cbe49e585097eee28c15b862bfb1c0668

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:21.926Z

Updated: 2026-05-09T04:10:42.009Z

Reserved: 2026-05-01T14:12:56.006Z

Link: CVE-2026-43370

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:48.067

Modified: 2026-05-08T15:16:48.067

Link: CVE-2026-43370

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43370 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T20:00:12Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object