Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: fix access to stale wptr mapping

Use drm_exec to take both locks i.e vm root bo and
wptr_obj bo to access the mapping data properly.

This fixes the security issue of unmap the wptr_obj while
a queue creation is in progress and passing other
bo at same address.

(cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)
Published: 2026-06-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux kernel’s DRM AMDGPU subsystem allows an attacker to unmap a write‑pointer object while a command queue is still being created, and to substitute a different buffer object at the same physical address. If the attacker can influence these operations, the stale mapping may lead to kernel memory corruption. The description implies that such corruption could enable arbitrary code execution or privilege escalation, but the advisory does not explicitly confirm these outcomes.

Affected Systems

This vulnerability is present in the Linux kernel’s AMDGPU subsystem prior to the inclusion of commit 1fc6c8ab. The specific kernel releases without this commit are potentially affected. Systems that have updated to kernels incorporating the fix are no longer vulnerable.

Risk and Exploitability

The advisory does not provide a CVSS or EPSS score; however, the race condition is severe and represents a high‑severity kernel flaw. It is not listed in the CISA KEV catalog and no public exploits are documented. Based on the description, it is inferred that the attack vector is local, requiring the attacker to have the ability to generate GPU command queue operations or to influence the AMDGPU driver. The stale mapping window could be leveraged to overwrite critical kernel data structures, posing a significant risk in environments where the driver is exposed to untrusted processes.

Generated by OpenCVE AI on June 9, 2026 at 01:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that contains commit 1fc6c8ab (the change that fixes the stale wptr mapping).
  • If the AMDGPU driver is not needed for the system’s operation, disable or uninstall it to eliminate the attack surface.
  • If an immediate kernel upgrade is not possible, consider applying the patch manually or compiling the module with the corrected code, ensuring that the new mapping logic is active before any queue operations are performed.

Generated by OpenCVE AI on June 9, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while a queue creation is in progress and passing other bo at same address. (cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)
Title drm/amdgpu/userq: fix access to stale wptr mapping
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-09T07:37:29.573Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46311

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:50.053

Modified: 2026-06-08T17:16:50.053

Link: CVE-2026-46311

cve-icon Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46311 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T01:45:22Z

Weaknesses