cve-2026-43398

CVE-2026-43398 is a Linux kernel vulnerability in the AMDGPU driver's user queue wait ioctl path, where oversized user-supplied values can trigger out-of-memory conditions. Disclosed by kernel.org and listed by NVD on May 8, 2026, the fix adds an upper bound check. The bug highlights that modern graphics drivers are privileged, memory-hungry subsystems critical for desktop responsiveness, GPU compute, virtualization, and cloud workloads. Discussions on WindowsForum.com cover the technical details, impact, and implications for systems using AMD GPUs, including potential risks for Windows users running Linux VMs or WSL.