What is the CVSS score of CVE-2026-43370?

CVE-2026-43370 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2026-43370?

CVE-2026-43370 is a use-after-free vulnerability in the Linux kernel AMD GPU driver that allows authenticated local users to execute arbitrary code with full system compromise potential.. A patch is available.

Linux Kernel CVE-2026-43370

EUVD-2026-28676 HIGH

Use After Free (CWE-416)

2026-05-08 Linux

GHSA-f593-x5jj-v2pg

Information Disclosure Linux Use After Free Memory Corruption

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 11, 2026 - 08:29 vuln.today

CVSS changed

May 11, 2026 - 08:22 NVD

7.8 (HIGH)

Patch available

May 08, 2026 - 16:18 EUVD

CVE Published

May 08, 2026 - 14:21 nvd

HIGH 7.8

CVE Published

May 08, 2026 - 14:21 nvd

UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix use-after-free race in VM acquire

Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork().

(cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618)

AnalysisAI

Use-after-free race condition in Linux kernel amdgpu driver allows local authenticated users to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The flaw occurs when parent and child processes sharing a drm_file both attempt to acquire the same virtual memory context after fork(), due to non-atomic vm->process_info assignment. …

RemediationAI

Within 24 hours: identify all Linux systems running amdgpu driver and their current kernel versions. Within 7 days: apply vendor-released kernel patches (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, or 7.0 depending on baseline version) to all affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

Vendor StatusVendor

CVE-2026-43370 vulnerability details – vuln.today

Back

Linux Kernel CVE-2026-43370

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code