CVE-2026-46229

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
10/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure<br /> <br /> KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE<br /> but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated<br /> VRAM with stale data from prior use observable by compute kernels.<br /> <br /> The GEM ioctl path already sets VRAM_CLEARED for all userspace<br /> allocations via amdgpu_gem_create_ioctl() and<br /> amdgpu_mode_dumb_create(). The KFD path was missing this flag,<br /> allowing stale page table remnants to leak into user buffers.<br /> <br /> This causes crashes in RCCL P2P transport where non-zero data in<br /> ptrExchange/head/tail fields corrupts the protocol handshake.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.90 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.32 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.9 (excluding)