Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Unreserve bo if queue update failed

Error handling path should unreserve bo then return failed.

(cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33)
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s Direct Rendering Manager module for AMD KFD, when a queue update fails, the error handling path fails to unreserve the associated buffer object. This leaves the buffer reserved, potentially accumulating unclaimed resources and leading to kernel resource exhaustion or a crash if the stale reference is later accessed. The flaw does not provide a direct path to execute arbitrary code, but it can compromise system stability and availability.

Affected Systems

All deployments of the Linux kernel that have not incorporated commit c24afed7de9ecce341825d8ab55a43a254348b33 in the drm/amdkfd module, which includes every kernel version before that patch across all Linux distributions.

Risk and Exploitability

The CVSS score is not disclosed and the EPSS score of less than 1% (0.00018) indicates a low exploitation likelihood. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need local or privileged kernel access to trigger the failing queue update path. The risk is primarily a denial‑of‑service scenario that could lead to system instability, memory exhaustion, or kernel reboot.

Generated by OpenCVE AI on May 9, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Linux kernel patch that contains commit c24afed7de9ecce341825d8ab55a43a254348b33, which restores proper buffer object unreservation on queue update failure.
  • If your distribution’s kernel has not yet incorporated the patch, backport or apply the commit to your local kernel source, rebuild, and update your system to run the patched kernel.
  • If an immediate kernel update is not possible, limit the use of the AMD KFD DRM subsystem or disable it entirely to prevent accidental queue failures from affecting the system.

Generated by OpenCVE AI on May 9, 2026 at 15:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-400

Sat, 09 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Fri, 08 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-400

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. (cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33)
Title drm/amdkfd: Unreserve bo if queue update failed
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:22:11.976Z

Reserved: 2026-05-01T14:12:56.009Z

Link: CVE-2026-43444

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T15:16:56.883

Modified: 2026-05-08T15:16:56.883

Link: CVE-2026-43444

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43444 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T16:00:13Z

Weaknesses