Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2026-43169

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
06/05/2026
Last modified:
06/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/buddy: Prevent BUG_ON by validating rounded allocation

When DRM_BUDDY_CONTIGUOUS_ALLOCATION is set, the requested size is rounded up to the next power-of-two via roundup_pow_of_two(). Similarly, for non-contiguous allocations with large min_block_size, the size is aligned up via round_up(). Both operations can produce a rounded size that exceeds mm->size, which later triggers BUG_ON(order > mm->max_order).

Example scenarios:
- 9G CONTIGUOUS allocation on 10G VRAM memory:
  roundup_pow_of_two(9G) = 16G > 10G
- 9G allocation with 8G min_block_size on 10G VRAM memory:
  round_up(9G, 8G) = 16G > 10G

Fix this by checking the rounded size against mm->size. For non-contiguous or range allocations where size > mm->size is invalid, return -EINVAL immediately. For contiguous allocations without range restrictions, allow the request to fall through to the existing __alloc_contig_try_harder() fallback.

This ensures invalid user input returns an error or uses the fallback path instead of hitting BUG_ON.

v2: (Matt A)
- Add Fixes, Cc stable, and Closes tags for context
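The two rounding cases and the post-rounding check described above, as a userspace C model added here (it is not the kernel patch or the project's code). The `model_*` functions, `MODEL_*` flags and `PATH_*` return codes are hypothetical names, and the input pre-checks are an assumption of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define GiB (1ULL << 30)
/* Hypothetical names for this model, not the kernel's definitions. */
enum { MODEL_RANGE = 1, MODEL_CONTIGUOUS = 2 };
enum { PATH_NORMAL = 0, PATH_CONTIG_FALLBACK = 1 };

/* Stand-in for roundup_pow_of_two(): smallest power of two >= n. */
static uint64_t model_roundup_pow_of_two(uint64_t n)
{
    uint64_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

/* Stand-in for round_up(n, a); a must be a non-zero power of two. */
static uint64_t model_round_up(uint64_t n, uint64_t a)
{
    return (n + a - 1) & ~(a - 1);
}

/* Round as the advisory describes, then compare with the pool size (mm->size).
 * Returns -EINVAL, PATH_NORMAL or PATH_CONTIG_FALLBACK; *rounded = rounded size. */
static int model_validate(uint64_t mm_size, uint64_t size, uint64_t min_block_size,
                          unsigned flags, uint64_t *rounded)
{
    *rounded = size;
    /* Model assumption: bad inputs are rejected first, so rounding cannot overflow. */
    if (!size || size > mm_size || mm_size > (1ULL << 62) ||
        !min_block_size || (min_block_size & (min_block_size - 1)))
        return -EINVAL;
    *rounded = (flags & MODEL_CONTIGUOUS) ? model_roundup_pow_of_two(size)
                                          : model_round_up(size, min_block_size);
    if (*rounded <= mm_size)
        return PATH_NORMAL;
    /* Too big after rounding: only contiguous-without-range may use the fallback. */
    if ((flags & MODEL_CONTIGUOUS) && !(flags & MODEL_RANGE))
        return PATH_CONTIG_FALLBACK;
    return -EINVAL;
}

int main(void)
{
    uint64_t r;
    int rc = model_validate(10 * GiB, 9 * GiB, 8 * GiB, 0, &r);
    printf("rounded=%lluGiB rc=%d\n", (unsigned long long)(r / GiB), rc);
    return 0;
}
```

Without the comparison after rounding, both 9G requests would carry a 16G size into the allocator on a 10G pool, which is the condition the advisory ties to BUG_ON(order > mm->max_order).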

Impact