CVE-2026-43444 Overview
CVE-2026-43444 is a Linux kernel vulnerability in the AMD Kernel Fusion Driver (amdkfd) Direct Rendering Manager (DRM) subsystem. The flaw exists in the queue update error handling path, where a buffer object (bo) remains reserved when a queue update operation fails. The fix ensures the buffer object is properly unreserved before returning the failure status. This resource management issue was resolved through a series of stable kernel commits cherry-picked from commit c24afed7de9ecce341825d8ab55a43a254348b33.
Critical Impact
Failure to unreserve a buffer object on the error path can lead to resource leaks, potential deadlocks in the GPU memory management subsystem, and degraded system stability on Linux systems using AMD GPU compute features.
Affected Products
- Linux kernel versions containing the amdkfd driver prior to the patch
- Systems using AMD GPU compute (KFD) functionality
- Linux distributions shipping affected stable kernel versions
Discovery Timeline
- 2026-05-08 - CVE-2026-43444 published to NVD
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-43444
Vulnerability Analysis
The vulnerability resides in the AMD Kernel Fusion Driver (amdkfd), which provides compute queue management for AMD GPUs under the Direct Rendering Manager (DRM) subsystem. When a queue update operation fails, the original error handling path returned the failure code without releasing the reservation on the associated buffer object. Buffer object reservations in the Translation Table Maps (TTM) memory manager use locks to serialize access to GPU memory resources. Leaving a buffer object reserved after an error condition causes the resource to remain locked from subsequent operations.
This class of issue is categorized as improper resource cleanup on error paths, which can manifest as a resource leak or contribute to deadlock scenarios in concurrent kernel execution contexts.
Root Cause
The root cause is missing cleanup logic in the queue update error handling path within the amdkfd driver. The function reserves a buffer object before attempting the queue update but does not call the corresponding unreserve routine when the update operation fails. The patch reorders the error handling to unreserve the buffer object before returning the failure status, restoring symmetric resource management.
Attack Vector
This vulnerability requires local access to a system with AMD GPU compute functionality enabled. Triggering the condition depends on inducing a queue update failure in the amdkfd driver, which occurs in kernel-mode GPU compute workflows. The EPSS score is 0.023% with a percentile of 6.694, indicating low likelihood of weaponized exploitation. The primary risk is system stability rather than direct privilege escalation or code execution.
No verified public proof-of-concept code is available. The vulnerability mechanism and remediation are documented in the upstream kernel commits referenced below. See Linux Kernel Commit 2ce75a0 and Linux Kernel Commit b2b7742 for the upstream fixes.
Detection Methods for CVE-2026-43444
Indicators of Compromise
- Kernel log messages indicating queue update failures in the amdkfd driver subsystem
- Hung tasks or processes blocked on GPU memory operations involving AMD KFD compute queues
- Increased dmesg warnings related to buffer object reservation or TTM memory manager contention
Detection Strategies
- Audit kernel versions across Linux fleets to identify hosts running unpatched amdkfd driver code
- Monitor /proc/kmsg and journalctl -k for repeated DRM or KFD error messages following GPU compute workloads
- Correlate AMD GPU compute workload failures with kernel stack traces referencing amdkfd queue management functions
Monitoring Recommendations
- Enable kernel taint and lockup detection (hung_task_timeout_secs) to surface deadlocks tied to buffer object contention
- Track kernel package versions through configuration management tooling and flag systems below patched baselines
- Collect kernel telemetry from endpoints running GPU compute workloads to identify abnormal failure patterns
How to Mitigate CVE-2026-43444
Immediate Actions Required
- Identify all Linux systems running AMD GPUs with the amdkfd driver loaded and inventory their kernel versions
- Apply the latest stable kernel update from your Linux distribution that includes the upstream fix
- Reboot affected systems after kernel upgrade to load the patched amdkfd driver
Patch Information
The fix is available in upstream stable kernel commits: Linux Kernel Commit 2ce75a0, Linux Kernel Commit 529c985, Linux Kernel Commit 7811107, and Linux Kernel Commit b2b7742. The patch was cherry-picked from upstream commit c24afed7de9ecce341825d8ab55a43a254348b33. Apply distribution-provided kernel packages that incorporate these commits.
Workarounds
- Unload the amdkfd kernel module on systems that do not require AMD GPU compute functionality using modprobe -r amdkfd
- Restrict access to GPU compute interfaces by limiting which user accounts can submit workloads to AMD KFD devices
- Avoid running unstable or third-party GPU compute workloads on affected hosts until the patched kernel is deployed
# Verify current kernel version and amdkfd module status
uname -r
lsmod | grep amdkfd
# Check available kernel updates (Debian/Ubuntu)
apt list --upgradable | grep linux-image
# Check available kernel updates (RHEL/Fedora)
dnf check-update kernel
# Temporary mitigation: unload amdkfd if not required
sudo modprobe -r amdkfd
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
