VDB

CVE-2026-43287

CVE-2026-43287 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits.

EPSS 0.01% · 2.4th percentile

Risk Scores

EPSS Score
0.01%
2.4th percentile

Affected Products

VendorProductVersions
LinuxLinux*, 6.1.165, 6.12.75
linuxlinux_kernel0, 0, 0

Timeline

  • May 8, 2026 CVE Published
  • May 8, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›