GHSA-V89V-4458-F6HP
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 15:30In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Set DMA segment size to avoid debug warnings
When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complaining about the over-mapping of the V3D segment length.
DMA-API: v3d 1002000000.v3d: mapping sg segment longer than device claims to support [len=8290304] [max=65536] WARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388 CPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1 Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : debug_dma_map_sg+0x330/0x388 lr : debug_dma_map_sg+0x330/0x388 sp : ffff8000829a3ac0 x29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000 x26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000 x23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002 x20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff x17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573 x14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000 x11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c x8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001 x5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280 Call trace: debug_dma_map_sg+0x330/0x388 __dma_map_sg_attrs+0xc0/0x278 dma_map_sgtable+0x30/0x58 drm_gem_shmem_get_pages_sgt+0xb4/0x140 v3d_bo_create_finish+0x28/0x130 [v3d] v3d_create_bo_ioctl+0x54/0x180 [v3d] drm_ioctl_kernel+0xc8/0x140 drm_ioctl+0x2d4/0x4d8
{
"affected": [],
"aliases": [
"CVE-2026-43302"
],
"database_specific": {
"cwe_ids": [
"CWE-131"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:37Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Set DMA segment size to avoid debug warnings\n\nWhen using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the\nkernel occasionally reports a segment size mismatch. This is because\n\u0027max_seg_size\u0027 is not set. The kernel defaults to 64K. setting\n\u0027max_seg_size\u0027 to the maximum will prevent \u0027debug_dma_map_sg()\u0027\nfrom complaining about the over-mapping of the V3D segment length.\n\nDMA-API: v3d 1002000000.v3d: mapping sg segment longer than device\n claims to support [len=8290304] [max=65536]\nWARNING: CPU: 0 PID: 493 at kernel/dma/debug.c:1179 debug_dma_map_sg+0x330/0x388\nCPU: 0 UID: 0 PID: 493 Comm: Xorg Not tainted 6.12.53-yocto-standard #1\nHardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : debug_dma_map_sg+0x330/0x388\nlr : debug_dma_map_sg+0x330/0x388\nsp : ffff8000829a3ac0\nx29: ffff8000829a3ac0 x28: 0000000000000001 x27: ffff8000813fe000\nx26: ffffc1ffc0000000 x25: ffff00010fdeb760 x24: 0000000000000000\nx23: ffff8000816a9bf0 x22: 0000000000000001 x21: 0000000000000002\nx20: 0000000000000002 x19: ffff00010185e810 x18: ffffffffffffffff\nx17: 69766564206e6168 x16: 74207265676e6f6c x15: 20746e656d676573\nx14: 20677320676e6970 x13: 5d34303334393134 x12: 0000000000000000\nx11: 00000000000000c0 x10: 00000000000009c0 x9 : ffff8000800e0b7c\nx8 : ffff00010a315ca0 x7 : ffff8000816a5110 x6 : 0000000000000001\nx5 : 000000000000002b x4 : 0000000000000002 x3 : 0000000000000008\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00010a315280\nCall trace:\n debug_dma_map_sg+0x330/0x388\n __dma_map_sg_attrs+0xc0/0x278\n dma_map_sgtable+0x30/0x58\n drm_gem_shmem_get_pages_sgt+0xb4/0x140\n v3d_bo_create_finish+0x28/0x130 [v3d]\n v3d_create_bo_ioctl+0x54/0x180 [v3d]\n drm_ioctl_kernel+0xc8/0x140\n drm_ioctl+0x2d4/0x4d8",
"id": "GHSA-v89v-4458-f6hp",
"modified": "2026-05-15T15:30:33Z",
"published": "2026-05-08T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43302"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0290934d30abe7c88e18140fd5184c3f386b1e44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14d0d6c8b4504a60cfeea74775ab2e0164019e65"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/225023e3619b81af6d8d0e680503fc2d68633023"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2663ef70c6123b2232190f917275e5c3175f97d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9eb018828b1b30dfba689c060735c50fc5b9f704"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf510785f74e74c54de40a43a955b7f844857487"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db15f469a88d3bbeeaa9f8c9f5e74d856ba5d7d2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.