In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()

The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8
bytes via memset without checking the buffer size parameter. This allows
unprivileged userspace to trigger an out-of bounds kernel memory write
by passing a small buffer, leading to potential privilege
escalation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 3e04bc310d80b46eaf481f1fefcbcb37a187412d
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < b4034442cb090e4a980bdcc1540948606cbc951b
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 75fb57efdd7863fffbc39db23e9cad7aafda26ed
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 4e72f419e4ed44cb3b60506752d8688c20a60a9b
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected < 8a70a26c9f34baea6c3199a9862ddaff4554a96d
Linux Linux affected
Version Status Constraints
5.10.252 unaffected ≤ 5.10.*
5.15.202 unaffected ≤ 5.15.*
6.1.165 unaffected ≤ 6.1.*
6.6.128 unaffected ≤ 6.6.*
6.12.75 unaffected ≤ 6.12.*
6.18.16 unaffected ≤ 6.18.*
6.19.6 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/3e04bc310d80b46eaf481f1fefcbcb37a187412d cve-icon cve-icon
https://git.kernel.org/stable/c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940 cve-icon cve-icon
https://git.kernel.org/stable/c/4e72f419e4ed44cb3b60506752d8688c20a60a9b cve-icon cve-icon
https://git.kernel.org/stable/c/75fb57efdd7863fffbc39db23e9cad7aafda26ed cve-icon cve-icon
https://git.kernel.org/stable/c/8a70a26c9f34baea6c3199a9862ddaff4554a96d cve-icon cve-icon
https://git.kernel.org/stable/c/b4034442cb090e4a980bdcc1540948606cbc951b cve-icon cve-icon
https://git.kernel.org/stable/c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b cve-icon cve-icon
https://git.kernel.org/stable/c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f cve-icon cve-icon
History

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.
Title drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:28:10.937Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43206

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:39.903

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43206

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.