CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify<br /> <br /> Invalidating a dmabuf will impact other users of the shared BO.<br /> In the scenario where process A moves the BO, it needs to inform<br /> process B about the move and process B will need to update its<br /> page table.<br /> <br /> The commit fixes a synchronisation bug caused by the use of the<br /> ticket: it made amdgpu_vm_handle_moved behave as if updating<br /> the page table immediately was correct but in this case it&amp;#39;s not.<br /> <br /> An example is the following scenario, with 2 GPUs and glxgears<br /> running on GPU0 and Xorg running on GPU1, on a system where P2P<br /> PCI isn&amp;#39;t supported:<br /> <br /> glxgears:<br /> export linear buffer from GPU0 and import using GPU1<br /> submit frame rendering to GPU0<br /> submit tiled-&gt;linear blit<br /> Xorg:<br /> copy of linear buffer<br /> <br /> The sequence of jobs would be:<br /> drm_sched_job_run # GPU0, frame rendering<br /> drm_sched_job_queue # GPU0, blit<br /> drm_sched_job_done # GPU0, frame rendering<br /> drm_sched_job_run # GPU0, blit<br /> move linear buffer for GPU1 access #<br /> amdgpu_dma_buf_move_notify -&gt; update pt # GPU0<br /> <br /> It this point the blit job on GPU0 is still running and would<br /> likely produce a page fault.