Skip to main content

Linux Kernel CVE-2026-43395

| EUVDEUVD-2026-28701 MEDIUM
Incomplete Cleanup (CWE-459)
2026-05-08 Linux GHSA-2v48-6xmq-vxhp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 19:38 vuln.today
CVSS changed
May 21, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/sync: Cleanup partially initialized sync on parse failure

xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those paths returned directly, leaving partially initialized state and leaking refs.

Route these error paths through a common free_sync label and call xe_sync_entry_cleanup(sync) before returning the error.

(cherry picked from commit f939bdd9207a5d1fc55cced5459858480686ce22)

AnalysisAI

Incomplete cleanup in the Linux kernel's DRM/Xe GPU driver allows a local low-privileged user to leak kernel object references (syncobj, fence, chain fence, or user fence) by triggering error paths in xe_sync_entry_parse(), resulting in kernel memory exhaustion and local denial of service. Affected kernels include those shipping the Intel Xe GPU driver from the introducing commit (dd08ebf6c352) up to the fix commits landed in stable series 6.12, 6.18, 6.19, and 7.0. No public exploit code exists and no active exploitation has been reported; EPSS probability sits at 0.02% (5th percentile), reflecting extremely low real-world exploitation interest.

Technical ContextAI

The Direct Rendering Manager (DRM) subsystem in the Linux kernel manages GPU access, and the Xe driver is Intel's next-generation discrete and integrated GPU driver targeting Arc/Meteor Lake and later hardware. Synchronization primitives (syncobj, dma-fence, chain fence, user fence) are allocated during xe_sync_entry_parse() as part of processing GPU command submission ioctls. CWE-459 (Incomplete Cleanup) is the root cause: multiple error-return paths within that function returned directly after partially allocating these kernel objects, bypassing the xe_sync_entry_cleanup() teardown path. The fix routes all failure paths through a common 'free_sync' label that calls xe_sync_entry_cleanup() before returning the error code. CPE data identifies the affected product as cpe:2.3:a:linux:linux on all platforms. The cherry-pick note indicates the fix was sourced from upstream commit f939bdd9207a5d1fc55cced5459858480686ce22.

RemediationAI

The primary remediation is to upgrade to a patched kernel version: 6.12.78, 6.18.19, 6.19.9, or 7.0, corresponding to upstream stable commits at https://git.kernel.org/stable/c/1bfd7575092420ba5a0b944953c95b74a5646ff8 (6.12), https://git.kernel.org/stable/c/af65cd1853599394b94201c08bed7a46717db478 (6.18), https://git.kernel.org/stable/c/91c228f96fcfacc2341a58815b1da8c69da94ebb (6.19), and https://git.kernel.org/stable/c/f0af63ffa06306f12592cd3919fad6957b425e1b (mainline). Distribution vendors tracking these stable series (Debian, Ubuntu, RHEL, SUSE, Arch) should be expected to ship updated packages. If an immediate kernel update is not feasible and the Intel Xe GPU is not operationally required, the drm/xe kernel module can be blocklisted by adding 'blacklist xe' to /etc/modprobe.d/xe-blacklist.conf - this prevents the driver from loading at boot, eliminating the vulnerable code path entirely, but will disable Intel Arc and Xe-integrated GPU functionality. This workaround has no impact on systems without Xe-compatible hardware.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43395 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy