CVE-2026-31766 Overview
CVE-2026-31766 is a Linux kernel vulnerability in the AMD GPU (amdgpu) Direct Rendering Manager (DRM) driver. The flaw resides in amdgpu_userq_get_doorbell_index(), which passes a user-supplied doorbell_offset to amdgpu_doorbell_index_on_bar() without bounds checking during user queue creation. An arbitrarily large doorbell_offset can produce a doorbell index outside the allocated doorbell buffer object (BO), corrupting kernel doorbell space.
Critical Impact
A local user with access to the AMD GPU device can corrupt kernel doorbell memory, leading to integrity loss and denial of service on affected Linux systems.
Affected Products
- Linux kernel versions containing the unpatched amdgpu user queue creation code path
- Distributions shipping the affected drm/amdgpu driver prior to backport of commit de1ef4ffd70e
- Systems exposing AMD GPU user queue interfaces to unprivileged or low-privileged local users
Discovery Timeline
- 2026-05-01 - CVE-2026-31766 published to NVD
- 2026-05-03 - Last updated in NVD database
Technical Details for CVE-2026-31766
Vulnerability Analysis
The vulnerability is a missing bounds check in the AMD GPU kernel driver user queue (userq) doorbell handling logic. When user space creates a queue, it supplies a doorbell_offset value that the driver uses to compute the queue's doorbell index in the doorbell region the GPU exposes through a PCI Base Address Register (BAR). The driver function amdgpu_userq_get_doorbell_index() forwarded the attacker-controlled offset to amdgpu_doorbell_index_on_bar() without verifying that it stayed within the bounds of the doorbell BO allocated for that queue.
The upstream fix has two parts: it validates that doorbell_offset falls inside the doorbell BO before computing the BAR index, and it performs the index calculation in 64-bit (u64) arithmetic so that the multiplication cannot wrap at 32 bits. Both matter: a bounds check performed on a value that has already wrapped would accept an oversized offset. The bug class is an out-of-bounds write caused by improper input validation in a kernel driver.
Root Cause
The root cause is the absence of input validation on a user-controlled offset before it is used in index arithmetic. The original code accepted doorbell_offset and applied it directly, trusting user space. Combined with arithmetic that could overflow at 32-bit width, the calculated index could land outside the doorbell BO and reference kernel-managed doorbell space used by other queues or driver state.
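To make the two halves of the fix concrete, here is an added C model of the index computation. It is not the driver's own code: the doorbell_bo layout, the byte units, the 8-byte doorbell slot size and the function names are assumptions for illustration. It contrasts the unchecked 32-bit computation with a bounds check that is performed after a 32-bit multiply, and with the checked u64 form, using a doorbell_offset whose 32-bit product wraps back inside the BO.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the doorbell BO handed to a user queue: where it sits in the
 * doorbell BAR and how big it is. Layout and units are assumptions for
 * illustration, not the driver's own structures. */
struct doorbell_bo {
    uint32_t bar_offset; /* byte offset of the BO inside the doorbell BAR */
    uint32_t size;       /* BO size in bytes */
};

#define DOORBELL_ENTRY_SIZE 8u /* assumption: one 64-bit doorbell per slot */

/* Doorbell indices below are in 32-bit (dword) units on the BAR. */
static bool index_in_bo(const struct doorbell_bo *bo, uint64_t index)
{
    uint64_t first = bo->bar_offset / sizeof(uint32_t);
    uint64_t end = ((uint64_t)bo->bar_offset + bo->size) / sizeof(uint32_t);
    return index >= first && index < end;
}

/* Vulnerable shape: the user-controlled doorbell_offset goes straight into
 * the index calculation, in 32-bit arithmetic, with no bounds check. */
static uint32_t vuln_doorbell_index(const struct doorbell_bo *bo, uint32_t doorbell_offset)
{
    uint32_t byte_off = bo->bar_offset + doorbell_offset * DOORBELL_ENTRY_SIZE; /* may wrap */
    return byte_off / sizeof(uint32_t);
}

/* Half a fix: a bounds check applied after a 32-bit multiply. A product that
 * wrapped passes the check, so the check alone is not sufficient. */
static int naive32_doorbell_index(const struct doorbell_bo *bo, uint32_t doorbell_offset,
                                  uint32_t *index)
{
    uint32_t byte_off = doorbell_offset * DOORBELL_ENTRY_SIZE; /* wraps for offset >= 2^29 */
    if (byte_off + DOORBELL_ENTRY_SIZE > bo->size)
        return -EINVAL;
    *index = (bo->bar_offset + byte_off) / sizeof(uint32_t);
    return 0;
}

/* Hardened shape, in the spirit of the upstream fix: reject offsets outside
 * the BO before any multiplication, then compute in u64 so nothing can wrap. */
static int hardened_doorbell_index(const struct doorbell_bo *bo, uint64_t doorbell_offset,
                                   uint32_t *index)
{
    uint64_t slots = bo->size / DOORBELL_ENTRY_SIZE;
    if (doorbell_offset >= slots)
        return -EINVAL;
    uint64_t bar_byte = (uint64_t)bo->bar_offset + doorbell_offset * DOORBELL_ENTRY_SIZE;
    *index = (uint32_t)(bar_byte / sizeof(uint32_t));
    return 0;
}

/* Constructed example: a 4 KiB BO at byte 0x1000 of the BAR, i.e. 512 slots
 * covering dword indices 1024..2047. */
static const struct doorbell_bo example_bo = { .bar_offset = 0x1000, .size = 0x1000 };

int main(void)
{
    uint32_t offsets[] = { 0, 511, 512, 0x20000000u }; /* last one wraps: 2^29 * 8 == 2^32 */
    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        uint32_t off = offsets[i], idx = 0;
        uint32_t v = vuln_doorbell_index(&example_bo, off);
        int n = naive32_doorbell_index(&example_bo, off, &idx);
        int h = hardened_doorbell_index(&example_bo, off, &idx);
        printf("offset 0x%08x: vulnerable index %u (%s BO), naive32 %s, hardened %s\n",
               off, v, index_in_bo(&example_bo, v) ? "inside" : "OUTSIDE",
               n ? "rejects" : "accepts", h ? "rejects" : "accepts");
    }
    return 0;
}
```

The interesting row is 0x20000000: the unchecked code lands back at dword 1024, the first slot of the BO, and the 32-bit bounds check accepts it, while a plain 512 is caught by both checks. The u64 form rejects every offset that does not name a real slot, whatever its magnitude.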
Attack Vector
Exploitation requires local access and the ability to invoke the amdgpu user queue creation ioctl path. A low-privileged local user submits a crafted user queue creation request specifying an oversized doorbell_offset. The driver computes a doorbell index outside the allocated BO, so doorbell writes for that queue land in doorbell space that belongs to other queues or to the driver. This can corrupt queue submission state for other contexts, destabilize the GPU subsystem, or in principle be chained with other primitives to influence kernel behavior. No user interaction beyond the attacker's own process is required, and the flaw is not reachable remotely.
No public proof-of-concept exploit is currently available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Technical detail is available in the upstream kernel commits (3543005, 86b732f, and a018d18).
Detection Methods for CVE-2026-31766
Indicators of Compromise
- Kernel log entries from the amdgpu driver referencing doorbell index errors, GPU resets, or queue submission failures shortly after a process opens /dev/dri/renderD* or /dev/dri/card* devices
- Unexpected GPU hangs, display corruption, or compute job failures correlated with non-graphical local processes performing queue creation ioctls
- System instability or kernel oops traces involving amdgpu_userq_get_doorbell_index or amdgpu_doorbell_index_on_bar
Detection Strategies
- Audit kernel versions across the Linux fleet against the patched commits (3543005a42d7, 86b732fbc37c, a018d1819f15) to identify hosts still running vulnerable drm/amdgpu code
- Monitor ioctl activity on amdgpu device nodes for user queue creation requests (the DRM_IOCTL_AMDGPU_* user queue ioctl) and correlate it with low-privileged accounts that have no legitimate GPU workload
- Use auditd to record opens of AMD GPU device nodes by user identity; note that auditd logs the ioctl syscall and its request number but not the contents of the request structure, so inspecting doorbell_offset values requires eBPF (for example a kprobe or tracepoint on the ioctl path)
Monitoring Recommendations
- Forward kernel ring buffer (dmesg) and journalctl -k output to a centralized log platform and alert on amdgpu driver faults
- Track GPU device file access by user identity to detect unprivileged users interacting with amdgpu user queue interfaces
- Establish baselines for GPU reset frequency per host and alert on deviations following local user activity
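As an added example covering both the indicators listed above and the baseline alert, the following C program classifies constructed kernel log lines, counts GPU resets against a per-host baseline, and correlates the first amdgpu fault with a preceding /dev/dri open by an unprivileged uid taken from an audit-style event list. It is not from the page's source or any vendor tool; the message substrings it matches and the sample lines are assumptions, since the exact amdgpu log text varies by kernel version.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classification of one kernel log line, following the indicators above. */
enum amdgpu_event {
    AMDGPU_EVENT_NONE = 0,
    AMDGPU_EVENT_DOORBELL, /* doorbell index / user queue errors */
    AMDGPU_EVENT_RESET,    /* GPU reset */
    AMDGPU_EVENT_OOPS,     /* oops trace naming the affected functions */
};

/* The substrings are assumptions; adjust them to the kernel version in use. */
static enum amdgpu_event classify_amdgpu_line(const char *line)
{
    if (strstr(line, "amdgpu_userq_get_doorbell_index") ||
        strstr(line, "amdgpu_doorbell_index_on_bar"))
        return AMDGPU_EVENT_OOPS;
    if (!strstr(line, "amdgpu"))
        return AMDGPU_EVENT_NONE;
    if (strstr(line, "GPU reset"))
        return AMDGPU_EVENT_RESET;
    if (strstr(line, "doorbell"))
        return AMDGPU_EVENT_DOORBELL;
    return AMDGPU_EVENT_NONE;
}

static int count_events(const char *const *lines, size_t n, enum amdgpu_event kind)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_amdgpu_line(lines[i]) == kind)
            count++;
    return count;
}

/* Baseline alert: more resets in this window than the host normally shows. */
static bool reset_rate_exceeds_baseline(const char *const *lines, size_t n, int baseline_resets)
{
    return count_events(lines, n, AMDGPU_EVENT_RESET) > baseline_resets;
}

/* Parse the "[ seconds.micros]" prefix dmesg prints. */
static bool parse_dmesg_ts(const char *line, double *ts)
{
    return sscanf(line, " [%lf]", ts) == 1;
}

/* One audit-style record of a process opening a DRM device node. */
struct dev_open {
    double ts;
    int uid;
    const char *path;
};

/* Return the uid of the most recent /dev/dri open within `window` seconds
 * before the first amdgpu event line, or -1 if there is none. */
static int correlate_fault_with_open(const char *const *lines, size_t n,
                                     const struct dev_open *opens, size_t n_opens,
                                     double window)
{
    for (size_t i = 0; i < n; i++) {
        double ts;
        if (classify_amdgpu_line(lines[i]) == AMDGPU_EVENT_NONE || !parse_dmesg_ts(lines[i], &ts))
            continue;
        int best_uid = -1;
        double best_ts = -1.0;
        for (size_t j = 0; j < n_opens; j++) {
            if (opens[j].ts <= ts && ts - opens[j].ts <= window && opens[j].ts > best_ts) {
                best_ts = opens[j].ts;
                best_uid = opens[j].uid;
            }
        }
        return best_uid;
    }
    return -1;
}

/* Constructed sample data, not real captures. */
static const char *const sample_log[] = {
    "[  120.400123] amdgpu 0000:03:00.0: amdgpu: userq doorbell index out of range",
    "[  120.512007] amdgpu 0000:03:00.0: amdgpu: GPU reset begin!",
    "[  120.998421] amdgpu 0000:03:00.0: amdgpu: GPU reset(1) succeeded!",
    "[  121.003300] RIP: 0010:amdgpu_userq_get_doorbell_index+0x2a/0x90 [amdgpu]",
    "[  121.100000] e1000e 0000:00:1f.6 eth0: Link is Up",
};
#define SAMPLE_LOG_LEN (sizeof(sample_log) / sizeof(sample_log[0]))

static const struct dev_open sample_opens[] = {
    { 40.000000, 0, "/dev/dri/card0" },
    { 118.200000, 1001, "/dev/dri/renderD128" },
};
#define SAMPLE_OPENS_LEN (sizeof(sample_opens) / sizeof(sample_opens[0]))

int main(void)
{
    for (size_t i = 0; i < SAMPLE_LOG_LEN; i++)
        printf("event %d: %s\n", classify_amdgpu_line(sample_log[i]), sample_log[i]);
    printf("resets: %d, over baseline of 1: %s\n",
           count_events(sample_log, SAMPLE_LOG_LEN, AMDGPU_EVENT_RESET),
           reset_rate_exceeds_baseline(sample_log, SAMPLE_LOG_LEN, 1) ? "yes" : "no");
    printf("suspect uid within 5s of first fault: %d\n",
           correlate_fault_with_open(sample_log, SAMPLE_LOG_LEN, sample_opens, SAMPLE_OPENS_LEN, 5.0));
    return 0;
}
```

The correlation step is the part worth keeping: a reset or doorbell error on its own is noise on a busy GPU host, but one that follows an open of /dev/dri/renderD* by an account with no GPU workload is the pattern this advisory describes.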
How to Mitigate CVE-2026-31766
Immediate Actions Required
- Apply the upstream Linux kernel patches referenced in commits 3543005a42d7, 86b732fbc37c, and a018d1819f15 or upgrade to a distribution kernel that has incorporated them
- Restrict access to AMD GPU device nodes (/dev/dri/render*, /dev/dri/card*) to trusted users and groups using filesystem permissions or device cgroups
- Inventory hosts using AMD GPUs with the amdgpu driver and prioritize multi-tenant systems, shared workstations, and container hosts for patching
Patch Information
The fix adds bounds validation for doorbell_offset against the doorbell BO and switches the index computation to u64 arithmetic to prevent overflow. It is backported from upstream commit de1ef4ffd70e1d15f0bf584fd22b1f28cbd5e2ec. Patched kernel trees are available via the Kernel Git Commit 3543005, Kernel Git Commit 86b732f, and Kernel Git Commit a018d18 references.
Workarounds
- Where patching is not immediately possible, restrict membership of the video and render groups and remove unnecessary local accounts from systems with AMD GPUs
- On servers without a graphical workload, blacklist the amdgpu module if no AMD GPU functionality is required; a blacklist entry only stops alias-based autoloading, so add an install amdgpu /bin/false line to the same modprobe.d file if an explicit modprobe must also fail
- For container and multi-tenant environments, deny access to /dev/dri/* from untrusted workloads using device cgroup rules; seccomp cannot match on device paths, but it can block the ioctl syscall outright in workloads that never need it
# Example: deny GPU device access in a systemd service unit
# PrivateDevices=yes mounts a private /dev without /dev/dri/* and implies
# DevicePolicy=closed; the empty DeviceAllow= clears any inherited allow list
[Service]
DeviceAllow=
PrivateDevices=yes
# Example: blacklist amdgpu where not needed (prevents autoloading only)
echo 'blacklist amdgpu' | sudo tee /etc/modprobe.d/blacklist-amdgpu.conf
# Rebuild the initramfs so the early-boot module set matches; this is the
# Debian/Ubuntu command, dracut-based distributions use dracut -f instead
sudo update-initramfs -u
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.