Skip to main content

Linux Kernel EUVDEUVD-2026-28602

| CVE-2026-43318 MEDIUM
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-hgcg-jj48-wj2h
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 21:01 vuln.today
CVSS changed
May 15, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 15:02 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will need to update its page table.

The commit fixes a synchronisation bug caused by the use of the ticket: it made amdgpu_vm_handle_moved behave as if updating the page table immediately was correct but in this case it's not.

An example is the following scenario, with 2 GPUs and glxgears running on GPU0 and Xorg running on GPU1, on a system where P2P PCI isn't supported:

glxgears: export linear buffer from GPU0 and import using GPU1 submit frame rendering to GPU0 submit tiled->linear blit Xorg: copy of linear buffer

The sequence of jobs would be: drm_sched_job_run

GPU0, frame rendering

drm_sched_job_queue

GPU0, blit

drm_sched_job_done

GPU0, frame rendering

drm_sched_job_run

GPU0, blit

move linear buffer for GPU1 access # amdgpu_dma_buf_move_notify -> update pt

GPU0

It this point the blit job on GPU0 is still running and would likely produce a page fault.

AnalysisAI

Race condition in Linux kernel AMDGPU driver allows local attackers with low privileges to trigger denial of service through GPU page faults during DMA buffer operations. The vulnerability affects multi-GPU systems where shared buffer objects are accessed across different GPUs, particularly impacting AMD Radeon graphics driver stability. Patch available from upstream kernel maintainers for versions 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit code or active exploitation has been identified.

Technical ContextAI

The vulnerability exists in the AMDGPU Direct Rendering Manager (DRM) driver's DMA-BUF sharing mechanism, specifically in the amdgpu_dma_buf_move_notify function. DMA-BUF is Linux's framework for sharing buffers between different devices and subsystems. When a graphics buffer object (BO) is shared between processes using different GPUs, the driver must synchronize memory access and page table updates. The flaw involves incorrect synchronization using tickets during buffer migration, causing amdgpu_vm_handle_moved to update page tables prematurely. In multi-GPU scenarios without peer-to-peer (P2P) PCI support, when one process moves a linear buffer for cross-GPU access while another GPU's command queue is still executing operations on that buffer, the premature page table invalidation causes the running job to reference invalid memory addresses, triggering GPU page faults and potential system hangs. This particularly affects workloads mixing rendering and display operations across AMD GPUs, such as applications using GPU0 for rendering while the X server composites on GPU1.

RemediationAI

Primary mitigation is upgrading to patched kernel versions: 6.12.75 or later in the 6.12.x series, 6.18.16+ in the 6.18.x series, 6.19.6+ in the 6.19.x series, or kernel 7.0 final release. Organizations can obtain patches from upstream repositories at the git.kernel.org URLs listed in references or through distribution-specific security update channels (Red Hat RHSA, Ubuntu USN, SUSE/SLES updates). For environments unable to immediately patch, implement these compensating controls with noted trade-offs: (1) Disable DMA-BUF sharing for AMDGPU by setting kernel parameter amdgpu.noretry=1, which prevents cross-GPU buffer sharing but breaks applications requiring multi-GPU rendering like professional graphics workflows; (2) Force single-GPU operation by disabling secondary AMD cards in BIOS or blacklisting the amdgpu module for specific PCI devices using modprobe configuration, eliminating multi-GPU capability entirely; (3) Enable P2P PCI access in BIOS if supported by hardware platform and verify with lspci, which may resolve the race condition by changing buffer migration behavior but requires compatible motherboard/CPU. Each workaround degrades GPU functionality and should only be temporary pending kernel upgrade. No application-layer or firewall-based mitigations are effective against this kernel driver bug.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28602 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy