CVE-2026-46311
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability in the drm/amdgpu/userq driver allows access to a stale wptr mapping. The fix uses drm_exec to lock both vm root bo and wptr_obj bo simultaneously, preventing a race condition during queue creation.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or data leakage.
Recommendation
Immediately update the Linux kernel to a version containing commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c or later.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while a queue creation is in progress and passing other bo at same address. (cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)

