CVE-2026-43302 (GCVE-0-2026-43302)

Vulnerability from cvelistv5 – Published: 2026-05-08 13:11 – Updated: 2026-05-11 22:21
VLAI
Title
drm/v3d: Set DMA segment size to avoid debug warnings
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length. DMA-API: v3d 1002000000.v3d: mapping sg segment longer than device claims to support [len=8290304] [max=65536] WARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388 CPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1 Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : debug_dma_map_sg+0x330/0x388 lr : debug_dma_map_sg+0x330/0x388 sp : ffff8000829a3ac0 x29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000 x26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000 x23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002 x20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff x17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573 x14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000 x11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c x8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001 x5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280 Call trace: debug_dma_map_sg+0x330/0x388 __dma_map_sg_attrs+0xc0/0x278 dma_map_sgtable+0x30/0x58 drm_gem_shmem_get_pages_sgt+0xb4/0x140 v3d_bo_create_finish+0x28/0x130 [v3d] v3d_create_bo_ioctl+0x54/0x180 [v3d] drm_ioctl_kernel+0xc8/0x140 drm_ioctl+0x2d4/0x4d8
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < 14d0d6c8b4504a60cfeea74775ab2e0164019e65 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < 225023e3619b81af6d8d0e680503fc2d68633023 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < 2663ef70c6123b2232190f917275e5c3175f97d0 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < cf510785f74e74c54de40a43a955b7f844857487 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < 0290934d30abe7c88e18140fd5184c3f386b1e44 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2 (git)
Affected: 57692c94dcbe99a1e0444409a3da13fb3443562c , < 9eb018828b1b30dfba689c060735c50fc5b9f704 (git)
Create a notification for this product.
Linux Linux Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.15.202 , ≤ 5.15.* (semver)
Unaffected: 6.1.165 , ≤ 6.1.* (semver)
Unaffected: 6.6.128 , ≤ 6.6.* (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "14d0d6c8b4504a60cfeea74775ab2e0164019e65",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "225023e3619b81af6d8d0e680503fc2d68633023",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "2663ef70c6123b2232190f917275e5c3175f97d0",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "cf510785f74e74c54de40a43a955b7f844857487",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "0290934d30abe7c88e18140fd5184c3f386b1e44",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            },
            {
              "lessThan": "9eb018828b1b30dfba689c060735c50fc5b9f704",
              "status": "affected",
              "version": "57692c94dcbe99a1e0444409a3da13fb3443562c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Set DMA segment size to avoid debug warnings\n\nWhen using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the\nkernel occasionally reports a segment size mismatch. This is because\n\u0027max_seg_size\u0027 is not set. The kernel defaults to 64K. setting\n\u0027max_seg_size\u0027 to the maximum will prevent \u0027debug_dma_map_sg()\u0027\nfrom complaining about the over-mapping of the V3D segment length.\n\nDMA-API: v3d 1002000000.v3d: mapping sg segment longer than device\n claims to support [len=8290304] [max=65536]\nWARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388\nCPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1\nHardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : debug_dma_map_sg+0x330/0x388\nlr : debug_dma_map_sg+0x330/0x388\nsp : ffff8000829a3ac0\nx29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000\nx26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000\nx23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002\nx20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff\nx17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573\nx14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000\nx11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c\nx8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001\nx5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280\nCall trace:\n debug_dma_map_sg+0x330/0x388\n __dma_map_sg_attrs+0xc0/0x278\n dma_map_sgtable+0x30/0x58\n drm_gem_shmem_get_pages_sgt+0xb4/0x140\n v3d_bo_create_finish+0x28/0x130 [v3d]\n v3d_create_bo_ioctl+0x54/0x180 [v3d]\n drm_ioctl_kernel+0xc8/0x140\n drm_ioctl+0x2d4/0x4d8"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:21:55.721Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/14d0d6c8b4504a60cfeea74775ab2e0164019e65"
        },
        {
          "url": "https://git.kernel.org/stable/c/225023e3619b81af6d8d0e680503fc2d68633023"
        },
        {
          "url": "https://git.kernel.org/stable/c/2663ef70c6123b2232190f917275e5c3175f97d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf510785f74e74c54de40a43a955b7f844857487"
        },
        {
          "url": "https://git.kernel.org/stable/c/0290934d30abe7c88e18140fd5184c3f386b1e44"
        },
        {
          "url": "https://git.kernel.org/stable/c/db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9eb018828b1b30dfba689c060735c50fc5b9f704"
        }
      ],
      "title": "drm/v3d: Set DMA segment size to avoid debug warnings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43302",
    "datePublished": "2026-05-08T13:11:22.886Z",
    "dateReserved": "2026-05-01T14:12:56.000Z",
    "dateUpdated": "2026-05-11T22:21:55.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43302",
      "date": "2026-05-28",
      "epss": "0.00018",
      "percentile": "0.04822"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43302\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-08T14:16:37.447\",\"lastModified\":\"2026-05-15T13:34:21.370\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/v3d: Set DMA segment size to avoid debug warnings\\n\\nWhen using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the\\nkernel occasionally reports a segment size mismatch. This is because\\n\u0027max_seg_size\u0027 is not set. The kernel defaults to 64K. setting\\n\u0027max_seg_size\u0027 to the maximum will prevent \u0027debug_dma_map_sg()\u0027\\nfrom complaining about the over-mapping of the V3D segment length.\\n\\nDMA-API: v3d 1002000000.v3d: mapping sg segment longer than device\\n claims to support [len=8290304] [max=65536]\\nWARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388\\nCPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1\\nHardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : debug_dma_map_sg+0x330/0x388\\nlr : debug_dma_map_sg+0x330/0x388\\nsp : ffff8000829a3ac0\\nx29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000\\nx26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000\\nx23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002\\nx20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff\\nx17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573\\nx14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000\\nx11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c\\nx8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001\\nx5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008\\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280\\nCall trace:\\n debug_dma_map_sg+0x330/0x388\\n __dma_map_sg_attrs+0xc0/0x278\\n dma_map_sgtable+0x30/0x58\\n drm_gem_shmem_get_pages_sgt+0xb4/0x140\\n v3d_bo_create_finish+0x28/0x130 [v3d]\\n v3d_create_bo_ioctl+0x54/0x180 [v3d]\\n drm_ioctl_kernel+0xc8/0x140\\n drm_ioctl+0x2d4/0x4d8\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.18\",\"versionEndExcluding\":\"5.15.202\",\"matchCriteriaId\":\"ECCCB6D8-FB4F-4A5D-BDE0-C63C378DE186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.165\",\"matchCriteriaId\":\"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.128\",\"matchCriteriaId\":\"851E9353-6C09-4CC9-877E-E09DB164A3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.75\",\"matchCriteriaId\":\"BCE16369-98ED-41CF-8995-DFDC10B288D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.16\",\"matchCriteriaId\":\"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.6\",\"matchCriteriaId\":\"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0290934d30abe7c88e18140fd5184c3f386b1e44\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/14d0d6c8b4504a60cfeea74775ab2e0164019e65\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/225023e3619b81af6d8d0e680503fc2d68633023\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2663ef70c6123b2232190f917275e5c3175f97d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9eb018828b1b30dfba689c060735c50fc5b9f704\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cf510785f74e74c54de40a43a955b7f844857487\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.