CVE-2026-43206
Published: May 6, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0fc8011f89feb8b2c3008583b777d097e1974660 - < 3e04bc310d80b46eaf481f1fefcbcb37a187412daffected 0fc8011f89feb8b2c3008583b777d097e1974660 - < de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781faffected 0fc8011f89feb8b2c3008583b777d097e1974660 - < b4034442cb090e4a980bdcc1540948606cbc951baffected 0fc8011f89feb8b2c3008583b777d097e1974660 - < 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940affected 0fc8011f89feb8b2c3008583b777d097e1974660 - < 75fb57efdd7863fffbc39db23e9cad7aafda26ed+3 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 5.10.252 - <= 5.10.*unaffected 5.15.202 - <= 5.15.*unaffected 6.1.165 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now