Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add upper bound check on user inputs in wait ioctl

Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and
could be exploited.

So check these input value against AMDGPU_USERQ_MAX_HANDLES
which is big enough value for genuine use cases and could
potentially avoid OOM.

v2: squash in Srini's fix

(cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Huge user input values supplied to the AMDGPU wait ioctl can trigger an out‑of‑memory condition, causing the kernel to abort and bring the whole system down. The underlying flaw is a lack of an upper bound on the number of handles processed, allowing an attacker to exhaust memory and deny service to all users. The attack does not expose data or privilege but induces a crash that renders the host unusable until reboot.

Affected Systems

All Linux kernel releases that include the amdgpu driver are affected until the fix is applied. The vulnerability exists in the kernel module that implements the amdgpu_userq_wait_ioctl interface. No specific distribution version is listed; any system running a kernel that bundles the patched amdgpu code before the commit fcec012c664247531aed3e662f4280ff804d1476 is at risk.

Risk and Exploitability

The CVSS score is not provided and the EPSS entry is not available, but the absence from the KEV catalog does not diminish the potential impact. The flaw can be exercised from user space by sending a crafted ioctl to the DRM device (e.g., /dev/dri/card*), making it a local privilege exploitation vector. An attacker with access to the device – typically any regular user – can trigger the crash. The exploit complexity is low; no advanced prerequisites are mentioned beyond the access to the GPU device.

Generated by OpenCVE AI on May 9, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch commit fcec012c664247531aed3e662f4280ff804d1476 that adds an upper bound check on the AMDGPU wait ioctl.
  • If using a distribution-provided kernel, update to the latest kernel package that contains the commit (for example, install the newest kernel-release package).
  • Reboot the system after applying the patch or updating the kernel so that the new module is loaded and the fix takes effect.

Generated by OpenCVE AI on May 9, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
References

Fri, 08 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-221
CWE-739

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and could be exploited. So check these input value against AMDGPU_USERQ_MAX_HANDLES which is big enough value for genuine use cases and could potentially avoid OOM. v2: squash in Srini's fix (cherry picked from commit fcec012c664247531aed3e662f4280ff804d1476)
Title drm/amdgpu: add upper bound check on user inputs in wait ioctl
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-09T04:10:47.202Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43398

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:51.230

Modified: 2026-05-08T15:16:51.230

Link: CVE-2026-43398

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43398 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses