CVE-2026-43399 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. (cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd27)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

References

Link	Providers
https://git.kernel.org/stable/c/49abfa812617a7f2d0132c70d23ac98b389c6ec1
https://git.kernel.org/stable/c/5409247d41f372bec5b141ef599f2d9f5e81b746
https://git.kernel.org/stable/c/762f47e2b824383d5be65eee2c40a1269b7d50c8

History

Fri, 08 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. (cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd27)
Title		drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/49abfa812617a7f2d0132c70d23ac98b389c6ec1 https://git.kernel.org/stable/c/5409247d41f372bec5b141ef599f2d9f5e81b746 https://git.kernel.org/stable/c/762f47e2b824383d5be65eee2c40a1269b7d50c8

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:41.529Z

Updated: 2026-05-08T14:21:41.529Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43399

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:51.327

Modified: 2026-05-08T15:16:51.327

Link: CVE-2026-43399

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T18:00:13Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43399", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:56.007Z", "datePublished": "2026-05-08T14:21:41.529Z", "dateUpdated": "2026-05-08T14:21:41.529Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-08T14:21:41.529Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl\n\nDrop reference to syncobj and timeline fence when aborting the ioctl due\noutput array being too small.\n\n(cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd27)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c"], "versions": [{"version": "a292fdecd72834b3bec380baa5db1e69e7f70679", "lessThan": "762f47e2b824383d5be65eee2c40a1269b7d50c8", "status": "affected", "versionType": "git"}, {"version": "a292fdecd72834b3bec380baa5db1e69e7f70679", "lessThan": "5409247d41f372bec5b141ef599f2d9f5e81b746", "status": "affected", "versionType": "git"}, {"version": "a292fdecd72834b3bec380baa5db1e69e7f70679", "lessThan": "49abfa812617a7f2d0132c70d23ac98b389c6ec1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.19", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.9", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.19.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/762f47e2b824383d5be65eee2c40a1269b7d50c8"}, {"url": "https://git.kernel.org/stable/c/5409247d41f372bec5b141ef599f2d9f5e81b746"}, {"url": "https://git.kernel.org/stable/c/49abfa812617a7f2d0132c70d23ac98b389c6ec1"}], "title": "drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl", "x_generator": {"engine": "bippy-1.2.0"}}}}