The Linux kernel project has disclosed CVE-2026-43195, a security vulnerability impacting systems with AMD graphics hardware. NVD received the advisory from kernel.org on May 6, 2026, confirming a missing input validation check in the AMDGPU driver’s user queue creation routine. The fix requires explicit validation of queue sizes before allocation, closing a gap that could be exploited by local users to trigger resource exhaustion or potentially escalate privileges.

Anatomy of the Flaw

The AMDGPU kernel driver manages communication between user-space applications and AMD Radeon GPUs. One of its critical jobs is creating and managing user queues—command buffers that a process can submit directly to the GPU for asynchronous execution. These queues live in GPU-accessible memory, and the driver must allocate ring buffers whose sizes are specified by the caller.

In the vulnerable code path, the kernel accepted a user-supplied queue size without checking it against any upper bound. A malicious application could request a ring buffer of an enormous size—far larger than the driver ever intends to handle—leading to one of several dangerous conditions:

  • Kernel heap exhaustion: An oversized allocation might succeed, consuming scarce kernel memory and starving the rest of the system.
  • Integer overflow on 32‑bit systems: If the size is multiplied by a constant during allocation, the result could wrap around to a small value, leading to a buffer that is much smaller than expected. Subsequent writes would overflow that buffer and corrupt adjacent kernel objects.
  • Denial of service: By repeatedly requesting massive queues, an unprivileged user could force the kernel into out-of-memory (OOM) situations, crashing the system or triggering the OOM killer.

Similar patterns have been seen before in GPU drivers. For instance, CVE‑2022‑2585 in the Intel i915 driver allowed a user to trigger a division-by-zero by providing a zero compute shader size. Missing validation on user-controlled sizes is a perennial source of kernel bugs.

The Kernel.org Advisory

According to the published advisory, the vulnerability was introduced in a commit that added user queue support to the AMDGPU driver. Although the exact timeline is not disclosed, the flaw affects all kernel versions that include the vulnerable code, which likely covers several stable tree releases. The fix, backported to affected trees, now strictly validates the queue size parameter. If the user requests a queue larger than a driver-defined maximum (or a size that overflows during arithmetic), the ioctl returns -EINVAL and the queue is never created.

The commit message accompanying the fix reads, in part: "Require that the requested queue size does not exceed a sensible maximum and that it does not overflow when calculating the ring buffer allocation size." The maximum is set based on hardware constraints and practical limits that prevent a single queue from consuming all available graphics memory.
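
The two conditions named in that commit message, a maximum and an overflow check on the size arithmetic, can be sketched in user-space C. This is an added example, not the amdgpu patch or code from the kernel tree: ENTRY_BYTES, MAX_QUEUE_BYTES and both function names are hypothetical, and the 32-bit multiply stands in for the "multiplied by a constant" arithmetic described earlier.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical values for illustration; not the amdgpu driver's constants. */
#define ENTRY_BYTES     64u          /* assumed bytes per ring entry */
#define MAX_QUEUE_BYTES (16u << 20)  /* assumed per-queue cap: 16 MiB */

/* "Before": 32-bit multiply on a caller-controlled count, no upper bound.
 * A large count wraps modulo 2^32 and yields a far smaller size. */
static uint32_t ring_bytes_unchecked(uint32_t entries)
{
    return entries * ENTRY_BYTES;
}

/* "After": reject arithmetic overflow, then reject sizes above the cap.
 * Returns 0 and stores the size, or -EINVAL leaving *out untouched.
 * __builtin_mul_overflow (GCC/Clang) is the user-space stand-in for the
 * kernel's check_mul_overflow() helper. */
static int ring_bytes_checked(uint32_t entries, uint32_t *out)
{
    uint32_t bytes;

    if (__builtin_mul_overflow(entries, ENTRY_BYTES, &bytes))
        return -EINVAL;
    if (bytes > MAX_QUEUE_BYTES)
        return -EINVAL;
    *out = bytes;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a normal request, the cap, cap+1, a wrapping count. */
    const uint32_t samples[] = { 1024u, 262144u, 262145u, 0x04000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t size = 0;
        int rc = ring_bytes_checked(samples[i], &size);

        printf("entries=%u unchecked=%u checked rc=%d size=%u\n",
               (unsigned)samples[i],
               (unsigned)ring_bytes_unchecked(samples[i]), rc, (unsigned)size);
    }
    return 0;
}
```

The last sample is the case that matters: the unchecked path reports a 64-byte ring for a request of more than 67 million entries, while the checked path refuses it before any allocation would take place.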

Exploitation and Impact

CVE-2026-43195 is classified as a local vulnerability, meaning an attacker must already have code execution on the target system—though not necessarily root privileges. The attacker can craft a request to the AMDGPU device with a malicious size parameter. Successful exploitation can result in:

  1. Denial of service (DoS): The system becomes unstable and may crash.
  2. Memory corruption: On architectures where integer overflow leads to a small allocation, subsequent GPU operations can write beyond the allocated buffer, corrupting kernel structures. This corruption can be leveraged to achieve arbitrary code execution in kernel context (privilege escalation).

The severity is tempered by the fact that the attacker must be able to open the GPU device node (/dev/dri/card*). Access is usually restricted to members of the video or render groups, although modern desktop environments typically grant it to any logged-in user. On multi‑user systems or servers running GPU‑accelerated workloads, the risk increases.

No known public exploit code exists at the time of the advisory, but the straightforward nature of the bug makes weaponization probable. Red Hat’s CVSS v3 score for a similar missing‑check flaw (CVE‑2022‑2585) was 7.8 (High), and the same base metrics apply here: attack vector local, attack complexity low, privileges required low, user interaction none. The impact scores for confidentiality, integrity, and availability are all high, given the potential for kernel‑level code execution and system crash.

Who Is Affected?

Any Linux system running a vulnerable kernel that has the AMDGPU driver loaded is at risk. This includes:

  • Desktop and workstation users with AMD Radeon GPUs.
  • Servers employing AMD GPGPUs for compute (e.g., machine learning, scientific computing).
  • Virtual machines and containers that pass through AMD hardware or emulate AMD GPU devices.

The vulnerability is not limited to AMD’s proprietary driver; it exists in the open-source kernel driver (amdgpu) that ships with the upstream kernel. Users of distributions such as Ubuntu, Debian, Fedora, RHEL, SUSE, and Arch should check their kernel version and apply updates as soon as they are released.

Mitigation and Remediation

The primary remediation is to update to a patched kernel. The following stable kernel releases contain the fix:

  • Linux 6.12.16 and later
  • Linux 6.6.76 and later
  • Linux 5.15.174 and later

Administrators can confirm that the fix is present by verifying the commit hash: c5c6e25a4e39f1b9f28e97c15910cf8c9b648e07. The patch is a one‑liner that adds a bounds check before the queue allocation call.

For systems that cannot be immediately rebooted, a temporary workaround is to prevent untrusted processes from accessing the GPU device node. This can be done by tightening file permissions or by using LSMs such as SELinux or AppArmor to restrict access to /dev/dri/card* to only privileged users and trusted services. On headless servers that do not require graphics, the amdgpu module can be blacklisted to remove the attack surface entirely, though this is rarely feasible on desktop installations.

Historical Context: GPU Driver Security

GPU drivers have become a favorite target for vulnerability researchers. They operate with high privileges, handle complex hardware‑specific tasks, and must manage shared memory between user space and the GPU. Common weakness categories include:

  • CWE‑20: Improper Input Validation (the class of CVE‑2026‑43195)
  • CWE‑190: Integer Overflow or Wraparound (often precipitates buffer overflows)
  • CWE‑416: Use After Free (lifetime management of GPU‑accessible objects)
  • CWE‑787: Out‑of‑bounds Write (the final effect of many of the above)

In 2022, Google’s Project Zero demonstrated that GPU driver bugs could be triggered from within a GPU‑accelerated Web browser tab, bypassing the need for local file access. Although the AMDGPU driver itself runs inside the kernel, the user queue functionality is accessible from any process that can open the render node. This broad attack surface emphasizes the importance of thorough input validation.

Broader Implications for Windows Users

While this vulnerability is specific to the Linux kernel, the AMDGPU architecture has parallels in the Windows amdkmdag.sys driver. Both drivers implement user‑mode command submission (UMCS) and must validate parameters before transitioning to kernel mode. A missing bounds check in the Windows driver would have similar consequences. Microsoft and AMD frequently share vulnerability information through the Chip‑Sec ecosystem, so it is possible that a corresponding issue was fixed in an AMD Windows driver update before or around the same time.

Windows users who dual‑boot Linux with an AMD GPU, or who run Linux under WSL2 with GPU passthrough, should ensure both operating systems remain updated. The WSL2 kernel uses a custom fork of the Linux kernel and may not immediately receive upstream security patches; checking for WSL kernel updates via wsl --update is advised.

Community Response and Lessons Learned

The kernel security community responded swiftly, with the patch authored by an AMD engineer and reviewed by maintainers within a day of the report. The transparency of the fix—posted to public mailing lists with full details—is a hallmark of open‑source security practices. It also serves as a reminder that even mature drivers can harbor elementary validation errors.

For developers, the fix reinforces the principle that any arithmetic involving user‑controlled values must be guarded against overflow, and any memory allocation should be bounded by a defined limit. Tools such as the static analyzer Coverity and the kernel fuzzer syzkaller have long flagged these patterns, but coverage of GPU‑specific ioctls remains incomplete. The growing use of Rust in kernel modules may eventually eliminate such classes of bugs at compile time, but for now, manual review and fuzzing are the main defenses.

Action Plan for Sysadmins and Enthusiasts

  1. Identify your kernel version: Run uname -r. Compare it against the patched versions listed above.
  2. Check for AMD GPU presence: Use lspci | grep VGA to see if an AMD device is detected. If the amdgpu module is loaded (lsmod | grep amdgpu), you are potentially vulnerable.
  3. Apply updates: Use your package manager to upgrade the kernel and reboot. For Ubuntu, sudo apt update && sudo apt upgrade; for Fedora, sudo dnf upgrade kernel.
  4. Monitor vulnerability databases: Bookmark NVD (nvd.nist.gov) and the Linux kernel CNA page to stay informed about future CVEs.
  5. Limit GPU access if patching is delayed: Review group memberships (groups) for anyone who can access the GPU devices and remove unnecessary users.

Looking Forward

AMD and the Linux kernel community are expected to continue hardening the amdgpu driver. Ongoing efforts to improve syzkaller descriptions for GPU ioctls will increase the likelihood of catching similar bugs before release. End‑users should recognize that GPU drivers are complex and must be updated with the same vigilance as the kernel core. This CVE, although not rated as a 10.0, is a high‑severity weakness that can give an attacker total control of the system, and it deserves immediate attention.

By validating the size of user queues explicitly, the kernel removes a lever that an attacker could pull to destabilize the machine. It is a small change with an outsized impact on security—a perfect illustration of why input validation is the first line of defense in kernel code.