PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43368 Git CVE debrief

CVE-2026-43368 is a HIGH-severity Linux kernel drm/i915 issue in the GEM shmem scatterlist population path. For objects 4 GB or larger, an unsigned int scatterlist length can overflow when folio-backed pages are accumulated into a single entry, which can make users of the object hit an unexpected early end of the backing pages. The described fix is to cap the byte length of any single scatterlist entry so it does not exceed max_segment.

Vendor: Git
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-11
Advisory published: 2026-05-08
Advisory updated: 2026-05-11

Who should care

Linux system and graphics stack administrators, especially those running kernels with the Intel i915 DRM driver and workloads that can create very large GEM shmem objects or otherwise exercise folio-backed scatterlists. Security teams should prioritize hosts where local users can reach the affected driver path.

Technical summary

The CVE record describes an overflow risk in drm/i915's shmem scatterlist handling. When folio-allocated pages are appended to one scatterlist entry and the accumulated byte length reaches or crosses 4 GB, the scatterlist .length field (unsigned int) can wrap, producing an incorrect segment length. That can lead to premature termination of the object's backing pages during remapping or fault handling, and the record includes a kernel warning at remap_sg in i915_mm.c. The fix, as described, is to ensure a single scatterlist entry never exceeds max_segment when adding folio pages.
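A user-space model of the wrap described above, added here as an illustration and not taken from the kernel source or the CVE record. The names `sg_model` and `fill_model`, the 512-page (2 MiB) folio size and the `max_segment` value of 0xFFFFF000 are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SZ 4096u
/* Model of a scatterlist entry: .length is a 32-bit unsigned int. */
struct sg_model { unsigned int length; };

/*
 * Append total_pages pages, folio_pages at a time (hypothetical helper).
 * capped == 0: every folio is merged into entry 0, as for contiguous memory.
 * capped != 0: no entry grows past max_segment bytes.
 * Returns the byte count a consumer walking the entries would see.
 */
static uint64_t fill_model(struct sg_model *sg, size_t max_ents, size_t *used,
                           uint64_t total_pages, uint64_t folio_pages,
                           unsigned int max_segment, int capped)
{
    uint64_t left = total_pages, covered = 0;
    size_t n = 0;
    sg[0].length = 0;
    while (left) {
        uint64_t nr = folio_pages < left ? folio_pages : left;
        if (capped) {
            uint64_t room = (max_segment - sg[n].length) / PAGE_SZ;
            if (room == 0) {            /* entry full: start the next one */
                if (n + 1 == max_ents)
                    break;
                sg[++n].length = 0;
                continue;
            }
            if (nr > room)
                nr = room;              /* take only what still fits */
        }
        sg[n].length += (unsigned int)(nr * PAGE_SZ); /* wraps at 4 GiB if uncapped */
        left -= nr;
    }
    *used = n + 1;
    for (size_t i = 0; i < *used; i++)
        covered += sg[i].length;
    return covered;
}

int main(void)
{
    struct sg_model sg[4];
    size_t used;
    uint64_t pages = (1ULL << 32) / PAGE_SZ;  /* constructed 4 GiB object */
    printf("uncapped: %llu bytes\n", (unsigned long long)fill_model(sg, 4, &used, pages, 512, 0xFFFFF000u, 0));
    printf("capped:   %llu bytes\n", (unsigned long long)fill_model(sg, 4, &used, pages, 512, 0xFFFFF000u, 1));
}
```

In the uncapped run the single entry's length wraps to 0, so a consumer sees the backing pages end early; with the cap the same object is described by two entries that together cover the full 4 GiB.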

Defensive priority

High

Recommended defensive actions

  • Deploy kernel updates that include the published fix or the stable backports referenced in the NVD record.
  • Inventory systems using the Intel i915 DRM driver, especially hosts exposed to large GEM shmem allocations.
  • Treat repeated warnings from drivers/gpu/drm/i915/i915_mm.c:55 remap_sg as a sign to verify kernel patch level.
  • Validate that downstream kernel builds include the scatterlist length cap change for folio-backed pages.
  • Monitor for anomalous graphics or mmap-related faults on affected systems until patched.

Evidence notes

The source corpus points to a Linux kernel drm/i915 fix for a potential overflow of the shmem scatterlist length, with the issue described as affecting GEM shmem objects of size 4 GB or more. The CVE record cites five kernel stable reference links and provides the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The published time is 2026-05-08T15:16:47.840Z and the modified time is 2026-05-11T08:16:11.553Z.

Official resources

The CVE was published on 2026-05-08 and last modified on 2026-05-11. The record is public and includes kernel stable reference links; no KEV listing is provided in the supplied data.