HIGH · CVE-2026-43206 · CNA: Linux
CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()

The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of-bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.
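The bug class described above, as an added userspace model; it is not the kernel source or the upstream patch. The function names, the limit of 4096 slots and the 0xFF fill byte are assumptions made for the illustration, and the harness measures the overrun inside an arena that is really large enough, so nothing is corrupted when it runs.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values for this model; the page does not state them. */
#define EVENT_LIMIT 4096u              /* stands in for KFD_SIGNAL_EVENT_LIMIT */
#define FILL_BYTES  ((size_t)EVENT_LIMIT * 8)
#define UNSIGNALED  0xFF

typedef int (*page_set_fn)(void *buf, uint64_t size);

/* Flawed shape: the caller-supplied size is never consulted. */
static int event_page_set_unchecked(void *buf, uint64_t size)
{
    (void)size;
    memset(buf, UNSIGNALED, FILL_BYTES);
    return 0;
}

/* Hardened shape: refuse any buffer smaller than the full fill. */
static int event_page_set_checked(void *buf, uint64_t size)
{
    if (buf == NULL || size < FILL_BYTES)
        return -EINVAL;
    memset(buf, UNSIGNALED, FILL_BYTES);
    return 0;
}

/* Count bytes modified beyond `declared`, the size the caller claimed.
 * The arena is zeroed and twice FILL_BYTES long. Returns -1 on OOM. */
static long bytes_written_past(page_set_fn fn, uint64_t declared)
{
    size_t arena_len = 2 * FILL_BYTES;
    unsigned char *arena = calloc(1, arena_len);
    long n = 0;
    if (!arena)
        return -1;
    fn(arena, declared);
    for (size_t i = declared; i < arena_len; i++)
        n += (arena[i] != 0);
    free(arena);
    return n;
}

int main(void)
{
    printf("unchecked: %ld\n", bytes_written_past(event_page_set_unchecked, 64));
    printf("checked:   %ld\n", bytes_written_past(event_page_set_checked, 64));
    return 0;
}
```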
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux: < 3e04bc310d80b46eaf481f1fefcbcb37a187412d (from 0fc8011f89feb8b2c3008583b777d097e1974660) · < de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f (from 0fc8011f89feb8b2c3008583b777d097e1974660) · < b4034442cb090e4a980bdcc1540948606cbc951b (from 0fc8011f89feb8b2c3008583b777d097e1974660) · < 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940 (from 0fc8011f89feb8b2c3008583b777d097e1974660) · < 75fb57efdd7863fffbc39db23e9cad7aafda26ed (from 0fc8011f89feb8b2c3008583b777d097e1974660) · < bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b (from 0fc8011f89feb8b2c3008583b777d097e1974660)
- Linux / Linux: 4.17 · Fixed in 0, 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H