CVE-2026-43318

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

Invalidating a dmabuf will impact other users of the shared BO.
In the scenario where process A moves the BO, it needs to inform
process B about the move and process B will need to update its
page table.

The commit fixes a synchronisation bug caused by the use of the
ticket: it made amdgpu_vm_handle_moved behave as if updating
the page table immediately was correct but in this case it's not.

An example is the following scenario, with 2 GPUs and glxgears
running on GPU0 and Xorg running on GPU1, on a system where P2P
PCI isn't supported:

glxgears:
export linear buffer from GPU0 and import using GPU1
submit frame rendering to GPU0
submit tiled->linear blit
Xorg:
copy of linear buffer

The sequence of jobs would be:
drm_sched_job_run # GPU0, frame rendering
drm_sched_job_queue # GPU0, blit
drm_sched_job_done # GPU0, frame rendering
drm_sched_job_run # GPU0, blit
move linear buffer for GPU1 access #
amdgpu_dma_buf_move_notify -> update pt # GPU0

It this point the blit job on GPU0 is still running and would
likely produce a page fault.

https://git.kernel.org/stable/c/3307459eb3583115264421e8598…

https://git.kernel.org/stable/c/3307459eb3583115264421e859858d1f90f3694a

https://git.kernel.org/stable/c/82a7ea35a1526bef8ae170c33ff…

https://git.kernel.org/stable/c/82a7ea35a1526bef8ae170c33ff80e5db7728961

https://git.kernel.org/stable/c/89a9389ad70d3c69538e59d87df…

https://git.kernel.org/stable/c/89a9389ad70d3c69538e59d87df67d407aef4c26

https://git.kernel.org/stable/c/b18fc0ab837381c1a6ef2838660…

https://git.kernel.org/stable/c/b18fc0ab837381c1a6ef28386602cd888f2d9edf

CVE-2026-43318

Description

Iscriviti alla newsletter