CVE-2026-43206

Severity: HIGH · CVSS 3.1: 7.8 · EPSS: 3.6%
Published May 6, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()

The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of-bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 3.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 7

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.17 – <5.10.252
linux    linux_kernel   *         ≥5.11 – <5.15.202
linux    linux_kernel   *         ≥5.16 – <6.1.165
linux    linux_kernel   *         ≥6.2 – <6.6.128
linux    linux_kernel   *         ≥6.7 – <6.12.75
linux    linux_kernel   *         ≥6.13 – <6.18.16
linux    linux_kernel   *         ≥6.19 – <6.19.6

References 8

  • git.kernel.org https://git.kernel.org/stable/c/3e04bc310d80b46eaf481f1fefcbcb37a187412d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e72f419e4ed44cb3b60506752d8688c20a60a9b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/75fb57efdd7863fffbc39db23e9cad7aafda26ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a70a26c9f34baea6c3199a9862ddaff4554a96d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4034442cb090e4a980bdcc1540948606cbc951b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3e04bc310d80b46eaf481f1fefcbcb37a187412d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e72f419e4ed44cb3b60506752d8688c20a60a9b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/75fb57efdd7863fffbc39db23e9cad7aafda26ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a70a26c9f34baea6c3199a9862ddaff4554a96d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4034442cb090e4a980bdcc1540948606cbc951b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
    Patch