CVE-2026-46220
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
10/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission<br />
<br />
sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions<br />
that verify fence writeback addresses are dword-aligned. These<br />
assertions can be reached from unprivileged userspace via crafted<br />
DRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a<br />
scheduler worker thread.<br />
<br />
Replace both BUG_ON() calls with WARN_ON() to log the condition without<br />
crashing the kernel. A misaligned fence address at this point indicates<br />
a driver bug, but crashing the kernel is never the correct response when<br />
the assertion is reachable from userspace.<br />
<br />
The CS IOCTL path is the correct place to filter invalid submissions;<br />
the ring emission callback is too late to do anything about it.<br />
<br />
(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.12 (including) | 5.10.258 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.90 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.32 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0b91ea46bb68abf98a082bf239092253bbd6aaa2
- https://git.kernel.org/stable/c/25e7d56a39657d56d1ea6d78992f7ed15dedb412
- https://git.kernel.org/stable/c/4f7ca00fa91daf0795ec6b3b130c5ebba1f155fe
- https://git.kernel.org/stable/c/78d2e624fa073c14970aa097adcf3ea31c157a66
- https://git.kernel.org/stable/c/a4fd82fb0757c180bf622907397c528b89a827b2
- https://git.kernel.org/stable/c/d331fb241a4602253976ddd65144a8ba2b05665d
- https://git.kernel.org/stable/c/d4c56932d29773e278be6a65a5384a36c95b89a4
- https://git.kernel.org/stable/c/ecaa80318e900ca0c3f687742ede33b41cfd2f8e



