SB20260626207 - Heap-based buffer overflow in Linux kernel amd amdkfd driver




Published: June 26, 2026

Security Bulletin ID: SB20260626207
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Heap-based buffer overflow (CVE-ID: CVE-2026-53143)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information and corrupt memory.

The vulnerability exists due to a heap-based buffer overflow in the amdkfd v11 MQD manager SDMA queue checkpoint and restore handlers when processing CRIU checkpoint and restore operations for SDMA queues on GFX11. A local user can trigger checkpoint or restore of an SDMA queue to disclose sensitive information and corrupt memory.

The issue is specific to v11 SDMA queues on Navi3x during CRIU checkpoint and restore.


Remediation

Install the update from the vendor's website.