Skip to main content

Linux Kernel CVE-2026-43444

| EUVDEUVD-2026-28750 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-08 Linux GHSA-9349-jqww-wh9m
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 17:22 vuln.today
CVSS changed
May 21, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:22 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Unreserve bo if queue update failed

Error handling path should unreserve bo then return failed.

(cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33)

AnalysisAI

Denial of service in the Linux kernel's drm/amdkfd (AMD GPU Kernel Fusion Driver) subsystem allows a local authenticated user to crash the kernel via a NULL pointer dereference. The flaw originates in the error handling path of the queue update routine, where a buffer object (bo) is not unreserved upon failure, leaving the subsystem in an inconsistent state that triggers a null dereference. No active exploitation is known; EPSS is 0.02% (5th percentile), and the impact is limited strictly to availability - confidentiality and integrity are unaffected.

Technical ContextAI

The affected component is the amdkfd (AMD Kernel Fusion Driver) within the Linux kernel's Direct Rendering Manager (DRM) subsystem, responsible for managing GPU compute queues and buffer objects for AMD GPUs. A buffer object (bo) reservation is a locking mechanism used to serialize access to GPU memory resources. When a queue update operation fails, the correct error handling path must explicitly unreserve the bo before returning; the absent unreserve call leaves the bo in a locked/reserved state, leading to a NULL pointer dereference (CWE-476) on subsequent access. The affected CPE is cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* covering Linux kernel versions from commit 305cd109b761202d71f2f655ea369fe889ba1d01 through the respective stable-branch fix commits. Systems without AMD GPUs or without the amdgpu/amdkfd kernel modules loaded are not affected.

RemediationAI

Upgrade to a patched kernel version: 6.12.78, 6.18.19, 6.19.9, or 7.0, per upstream stable commits referenced at https://git.kernel.org/stable/c/781110700ada22168fbb490dd61432d23a17a5b4 (6.12.x), https://git.kernel.org/stable/c/529c985da1b277b36dc99aad660f96dc70f3c467 (6.18.x), https://git.kernel.org/stable/c/b2b7742c465c8e3b36dc325a48abb4b9f2aaa38b (6.19.x), and https://git.kernel.org/stable/c/2ce75a0b7e1bfddbcb9bc8aeb2e5e7fa99971acf (mainline). For systems that cannot be patched immediately, a compensating control is to unload or blacklist the amdgpu and amdkfd kernel modules ('echo amdgpu >> /etc/modprobe.d/blacklist.conf && rmmod amdkfd amdgpu') - this prevents the vulnerable code path from executing entirely, but will disable all AMD GPU functionality including display and compute, which is not viable for production GPU workloads. Restricting local user access on AMD GPU-equipped systems reduces the attack surface until patching is completed. NVD advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-43444.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43444 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy