CVE-2026-43206 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()

The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8
bytes via memset without checking the buffer size parameter. This allows
unprivileged userspace to trigger an out-of bounds kernel memory write
by passing a small buffer, leading to potential privilege
escalation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 3e04bc310d80b46eaf481f1fefcbcb37a187412d
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b4034442cb090e4a980bdcc1540948606cbc951b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 75fb57efdd7863fffbc39db23e9cad7aafda26ed
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 4e72f419e4ed44cb3b60506752d8688c20a60a9b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 8a70a26c9f34baea6c3199a9862ddaff4554a96d

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3e04bc310d80b46eaf481f1fefcbcb37a187412d
https://git.kernel.org/stable/c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
https://git.kernel.org/stable/c/4e72f419e4ed44cb3b60506752d8688c20a60a9b
https://git.kernel.org/stable/c/75fb57efdd7863fffbc39db23e9cad7aafda26ed
https://git.kernel.org/stable/c/8a70a26c9f34baea6c3199a9862ddaff4554a96d
https://git.kernel.org/stable/c/b4034442cb090e4a980bdcc1540948606cbc951b
https://git.kernel.org/stable/c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
https://git.kernel.org/stable/c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f

History

Wed, 06 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.
Title		drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3e04bc310d80b46eaf481f1fefcbcb37a187412d https://git.kernel.org/stable/c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940 https://git.kernel.org/stable/c/4e72f419e4ed44cb3b60506752d8688c20a60a9b https://git.kernel.org/stable/c/75fb57efdd7863fffbc39db23e9cad7aafda26ed https://git.kernel.org/stable/c/8a70a26c9f34baea6c3199a9862ddaff4554a96d https://git.kernel.org/stable/c/b4034442cb090e4a980bdcc1540948606cbc951b https://git.kernel.org/stable/c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b https://git.kernel.org/stable/c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:10.937Z

Updated: 2026-05-06T11:28:10.937Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43206

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:39.903

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T15:00:07Z

Weaknesses

CWE-787

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object