HOMEVULNERABILITIESCVE-2026-43318
NONE

CVE-2026-43318

Published: May 8, 2026· Updated: May 12, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify

Invalidating a dmabuf will impact other users of the shared BO.

In the scenario where process A moves the BO, it needs to inform

process B about the move and process B will need to update its

page table.

The commit fixes a synchronisation bug caused by the use of the

ticket: it made amdgpu_vm_handle_moved behave as if updating

the page table immediately was correct but in this case it's not.

An example is the following scenario, with 2 GPUs and glxgears

running on GPU0 and Xorg running on GPU1, on a system where P2P

PCI isn't supported:

glxgears:

export linear buffer from GPU0 and import using GPU1

submit frame rendering to GPU0

submit tiled->linear blit

Xorg:

copy of linear buffer

The sequence of jobs would be:

drm_sched_job_run # GPU0, frame rendering

drm_sched_job_queue # GPU0, blit

drm_sched_job_done # GPU0, frame rendering

drm_sched_job_run # GPU0, blit

move linear buffer for GPU1 access #

amdgpu_dma_buf_move_notify -> update pt # GPU0

It this point the blit job on GPU0 is still running and would

likely produce a page fault.

NVD Source

Technical Analysis

CVE-2026-43318 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-43318
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43318 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.