Heap-based buffer overflow in Linux kernel - CVE-2026-53143
Published: June 26, 2026
Vulnerability identifier: #VU135647
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53143
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information and corrupt memory.
The vulnerability exists due to a heap-based buffer overflow in the amdkfd v11 MQD manager SDMA queue checkpoint and restore handlers when processing CRIU checkpoint and restore operations for SDMA queues on GFX11. A local user can trigger checkpoint or restore of an SDMA queue to disclose sensitive information and corrupt memory.
The issue is specific to v11 SDMA queues on Navi3x during CRIU checkpoint and restore.
How to mitigate CVE-2026-53143
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/16dad1fb0d783a4008de30e32d0038c393de05b1
- https://git.kernel.org/stable/c/2c5b66c9b4057b385566940935ebc32f6e6ebfd2
- https://git.kernel.org/stable/c/352ea59028ea48a6fff77f19ae28f98f71946a80
- https://git.kernel.org/stable/c/d02f05d30f35b036f7cbaf72de634affb5b38ec6
- https://git.kernel.org/stable/c/d3efcadfe3eea5b4263b8f2d4463b15c9fc46a64