cve 2026-43400

CVE-2026-43400 is a Linux kernel vulnerability disclosed in May 2026 affecting AMD's open-source amdgpu driver. The issue allows oversized user input to the amdgpu_userq_signal_ioctl path, potentially causing out-of-memory conditions that can be exploited for denial-of-service attacks. The fix involves rejecting values above AMDGPU_USERQ_MAX_HANDLES. This CVE highlights how modern GPU drivers have become significant kernel attack surfaces, impacting desktops, workstations, cloud hosts, AI systems, and Windows-adjacent Linux deployments. Discussions on WindowsForum cover the technical details of the vulnerability, the minimal patch, and broader implications for system security.