CVE-2026-43206 Security Details

CVE ID

CVE-2026-43206

CWE

CWE-787

CVE Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.

Published

May 7, 2026

CVSS Score & Severity

7.8High

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.012%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

lore.kernel.orgPROJECT