U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-43287 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocating process's memory cgroup, allowing unprivileged users to trigger unbounded kernel memory consumption and potentially cause system-wide OOM. Mark the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory is properly charged to the caller's memcg. This ensures existing cgroup memory limits apply and prevents uncontrolled kernel memory growth without introducing additional policy or per-file limits.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/26b4309a3ab82a0697751cde52eb336c29c19035 kernel.org Patch 
https://git.kernel.org/stable/c/405fd652d8fedff219a8f48daf8f20e881e303ab kernel.org Patch 
https://git.kernel.org/stable/c/815fa29cab3c67bebb9d0b5f41145cdd3a14d04d kernel.org Patch 
https://git.kernel.org/stable/c/866e0c1a9e7244d58ed74853cb22b81e1900cfdd kernel.org Patch 
https://git.kernel.org/stable/c/8e1664b9ee43608eb973d357ae5d858d30cbc9ca kernel.org Patch 
https://git.kernel.org/stable/c/b6117210ed349356f8e6027ff020b4d620bca42b kernel.org Patch 
https://git.kernel.org/stable/c/bbfaa5761f589a81031b493cb01275a990d6fb25 kernel.org Patch 
https://git.kernel.org/stable/c/cb8b9a1755fe9f38e4fb7f287486d7e7fab3dba4 kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-401 Missing Release of Memory after Effective Lifetime cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-43287
NVD Published Date:
05/08/2026
NVD Last Modified:
05/15/2026
Source:
kernel.org