Skip to main content

Linux Kernel EUVDEUVD-2026-28676

| CVE-2026-43370 HIGH
Use After Free (CWE-416)
2026-05-08 Linux GHSA-f593-x5jj-v2pg
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:29 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 7.8
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix use-after-free race in VM acquire

Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork().

(cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618)

AnalysisAI

Use-after-free race condition in Linux kernel amdgpu driver allows local authenticated users to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The flaw occurs when parent and child processes sharing a drm_file both attempt to acquire the same virtual memory context after fork(), due to non-atomic vm->process_info assignment. Patches released across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0). EPSS score of 0.02% (7th percentile) indicates very low predicted exploitation probability despite CVSS 7.8 severity, and no active exploitation or public POC identified.

Technical ContextAI

This vulnerability affects the Direct Rendering Manager (DRM) subsystem in the Linux kernel, specifically the AMDGPU driver component responsible for managing AMD GPU virtual memory contexts. The race condition stems from a non-atomic assignment operation in the VM acquire path during process forking. When a process with an open DRM file descriptor forks, both parent and child processes share the same drm_file structure and may concurrently attempt to acquire the same VM context. The original code performed a simple assignment to vm->process_info without atomic synchronization primitives, creating a classic time-of-check-time-of-use vulnerability. The fix replaces this with cmpxchg() (compare-and-exchange), an atomic CPU instruction that prevents concurrent modifications. Use-after-free vulnerabilities occur when memory is accessed after being freed, potentially allowing attackers to control freed memory contents and redirect execution flow. The affected code path is triggered specifically during GPU virtual memory management operations following fork() system calls on systems with AMD graphics hardware.

RemediationAI

Update to patched Linux kernel versions appropriate for your distribution: 5.10.253 or later for 5.10.x series, 5.15.203+ for 5.15.x, 6.1.167+ for 6.1.x, 6.6.130+ for 6.6.x, 6.12.78+ for 6.12.x, 6.18.19+ for 6.18.x, 6.19.9+ for 6.19.x, or upgrade to kernel 7.0+. Upstream fix commit c7c573275ec2 replaced non-atomic assignment with cmpxchg() in amdgpu VM acquire code. Distribution-specific advisories and kernel packages should be consulted for tested updates matching your environment. If immediate patching is not feasible, compensating controls include: limiting local user access to systems with AMD GPUs, restricting process forking capabilities for GPU-utilizing applications through cgroups or AppArmor/SELinux policies (trade-off: may break legitimate multi-process GPU workloads), or temporarily disabling amdgpu driver and falling back to software rendering (significant performance impact, only viable for non-GPU-dependent workloads). Monitor for unusual GPU memory access patterns or crashes in amdgpu driver as potential exploitation indicators. Patch verification: confirm kernel version includes commits listed above via git log inspection or distribution changelog review.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28676 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy