CVE-2026-43298 Overview
CVE-2026-43298 is a medium-severity vulnerability in the Linux kernel's AMD GPU driver (amdgpu). The flaw resides in the VCN (Video Core Next) version 2.5 deinitialization path. When the driver runs inside a virtual function (VF), it attempts to release a VCN poison interrupt request (IRQ) that was never enabled on the VF. This triggers a WARNING in amdgpu_irq_put at amdgpu_irq.c:641 during module unload, producing a call trace through vcn_v2_5_hw_fini. The result is a kernel warning and potential disruption to driver teardown on AMD GPU instances exposed via SR-IOV virtualization.
Critical Impact
A local user with the ability to unload the amdgpu driver inside a guest VM can trigger a kernel warning and disrupt clean GPU driver deinitialization, impacting availability.
Affected Products
- Linux Kernel with amdgpu driver supporting VCN v2.5
- Linux guest virtual machines using AMD GPU SR-IOV virtual functions
- Distributions shipping kernels prior to the upstream stable fix commits
Discovery Timeline
- 2026-05-08 - CVE-2026-43298 published to NVD
- 2026-05-15 - Last updated in NVD database
Technical Details for CVE-2026-43298
Vulnerability Analysis
The vulnerability lives in the AMD GPU kernel driver's VCN v2.5 hardware finalization routine (vcn_v2_5_hw_fini). During driver teardown, the routine calls amdgpu_irq_put to release the VCN poison IRQ. On a virtual function, this IRQ is never enabled because VF guests do not own the underlying physical interrupt source for poison events. Releasing an IRQ that was never put produces a WARN_ON at line 641 of amdgpu_irq.c.
The kernel log shows the warning during rmmod amdgpu:
WARNING: CPU: 3 PID: 1079 at amdgpu_irq.c:641 amdgpu_irq_put+0xc6/0xe0 [amdgpu]
Call Trace: vcn_v2_5_hw_fini+0x19e/0x1e0 [amdgpu]
The condition affects availability rather than confidentiality or integrity. The CVSS vector indicates a local attack with low privilege requirements and high availability impact.
Root Cause
The root cause is a missing guest-context check before releasing the VCN poison interrupt. The driver assumes the poison IRQ was registered and enabled during initialization, but VCN v2.5 does not enable this IRQ on VFs. The asymmetry between the init and fini paths causes the warning. This is a kernel driver logic flaw [CWE-NVD-noinfo].
Attack Vector
Exploitation requires local access on a Linux guest using an AMD GPU virtual function. A user with permission to load and unload the amdgpu module — typically root inside the VM — can trigger the warning by performing module unload or driver reset operations. Repeated triggering of kernel warnings can be used to flood logs or destabilize automated teardown sequences. There is no remote vector and no information disclosure.
No public proof-of-concept exists and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS probability reflects a very low likelihood of exploitation in the wild.
Detection Methods for CVE-2026-43298
Indicators of Compromise
- Kernel ring buffer entries containing WARNING: ... amdgpu_irq_put followed by a call trace through vcn_v2_5_hw_fini.
- Repeated rmmod amdgpu or driver reset events on virtualized hosts running AMD VCN v2.5 hardware.
- Tainted: G OE flags appearing in dmesg after AMD GPU driver teardown on a VM.
Detection Strategies
- Monitor dmesg and /var/log/kern.log for the specific amdgpu_irq_put warning signature on guests exposed to AMD SR-IOV GPUs.
- Compare installed kernel versions against the fixed upstream commits 8980be03b3f9, 8ee9aa80d4f1, and f1db6fc5a834.
- Alert on unexpected amdgpu module unload events from non-administrative sessions inside guest VMs.
Monitoring Recommendations
- Forward kernel logs from virtualized GPU workloads to a centralized log platform and create rules for the amdgpu_irq_put warning.
- Track GPU driver version and kernel build inventory across virtualized fleets to identify unpatched hosts.
- Audit which guest users hold CAP_SYS_MODULE since module loading and unloading is required to trigger the condition.
How to Mitigate CVE-2026-43298
Immediate Actions Required
- Apply the upstream stable kernel patches referenced in the Linux Kernel Commit 8980be03b3f9, Linux Kernel Commit 8ee9aa80d4f1, and Linux Kernel Commit f1db6fc5a834.
- Update to a distribution kernel that incorporates the fix and reboot affected guest VMs.
- Restrict the ability to unload the amdgpu module to trusted administrators only.
Patch Information
The upstream fix modifies vcn_v2_5_hw_fini to skip calling amdgpu_irq_put for the VCN poison IRQ when running on a virtual function. Three stable-tree commits were published on git.kernel.org. Linux distribution vendors will backport this patch into their stable kernel update streams. Verify the active kernel after upgrade with uname -r and confirm the amdgpu module version matches the patched build.
Workarounds
- Avoid unloading the amdgpu driver on guest VMs using AMD SR-IOV until the patched kernel is deployed.
- Limit CAP_SYS_MODULE and root access inside guest VMs to reduce who can trigger driver teardown.
- Suppress the specific warning in monitoring pipelines only as a temporary measure while patching is scheduled.
# Verify running kernel and amdgpu module status
uname -r
modinfo amdgpu | grep -E 'version|srcversion'
# Check for the warning signature in kernel logs
dmesg | grep -A 20 'amdgpu_irq_put'
# After applying the patched kernel, reboot and re-verify
sudo reboot
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
