drm: Account property blob allocations to memcg

Summary

CVE: CVE-2026-43287
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-05-08 14:16:35 UTC
Updated: 2026-05-12 14:10:27 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

drm: Account property blob allocations to memcg

DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory.

Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM.

Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits.

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.070360000 (date 2026-05-12)

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a b6117210ed349356f8e6027ff020b4d620bca42b git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a 815fa29cab3c67bebb9d0b5f41145cdd3a14d04d git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a 866e0c1a9e7244d58ed74853cb22b81e1900cfdd git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a bbfaa5761f589a81031b493cb01275a990d6fb25 git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a 8e1664b9ee43608eb973d357ae5d858d30cbc9ca git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a cb8b9a1755fe9f38e4fb7f287486d7e7fab3dba4 git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a 405fd652d8fedff219a8f48daf8f20e881e303ab git Not specified
CNA Linux Linux affected e2f5d2ea479b9b2619965d43db70939589afe43a 26b4309a3ab82a0697751cde52eb336c29c19035 git Not specified
CNA Linux Linux affected 4.2 Not specified
CNA Linux Linux unaffected 4.2 semver Not specified
CNA Linux Linux unaffected 5.10.252 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.202 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.165 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.128 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.75 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.16 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.6 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

Reference Source Link Tags
git.kernel.org/stable/c/bbfaa5761f589a81031b493cb01275a990d6fb25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/866e0c1a9e7244d58ed74853cb22b81e1900cfdd 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/cb8b9a1755fe9f38e4fb7f287486d7e7fab3dba4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/26b4309a3ab82a0697751cde52eb336c29c19035 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/b6117210ed349356f8e6027ff020b4d620bca42b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/815fa29cab3c67bebb9d0b5f41145cdd3a14d04d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/8e1664b9ee43608eb973d357ae5d858d30cbc9ca 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/405fd652d8fedff219a8f48daf8f20e881e303ab 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis