CVE-2026-46309
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/06/2026
Last modified:
08/07/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise<br />
<br />
Add validation in xe_vm_madvise_ioctl() to reject PAT indices with<br />
XE_COH_NONE coherency mode when applied to CPU cached memory.<br />
<br />
Using coh_none with CPU cached buffers is a security issue. When the<br />
kernel clears pages before reallocation, the clear operation stays in<br />
CPU cache (dirty). GPU with coh_none can bypass CPU caches and read<br />
stale sensitive data directly from DRAM, potentially leaking data from<br />
previously freed pages of other processes.<br />
<br />
This aligns with the existing validation in vm_bind path<br />
(xe_vm_bind_ioctl_validate_bo).<br />
<br />
v2(Matthew brost)<br />
- Add fixes<br />
- Move one debug print to better place<br />
<br />
v3(Matthew Auld)<br />
- Should be drm/xe/uapi<br />
- More Cc<br />
<br />
v4(Shuicheng Lin)<br />
- Fix kmem leak issues by the way<br />
<br />
v5<br />
- Remove kmem leak because it has been merged by another patch<br />
<br />
v6<br />
- Remove the fix which is not related to current fix<br />
<br />
v7<br />
- No change<br />
<br />
v8<br />
- Rebase<br />
<br />
v9<br />
- Limit the restrictions to iGPU<br />
<br />
v10<br />
- No change<br />
<br />
(cherry picked from commit 016ccdb674b8c899940b3944952c96a6a490d10a)
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.18 (including) | 6.18.32 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39
- https://git.kernel.org/stable/c/87f9b1528e1ffc1da3615d552c9a06aba5e20b00
- https://git.kernel.org/stable/c/fea04cf6f2345bc50f15b6638906c35962b89424
- https://access.redhat.com/security/cve/CVE-2026-46309
- https://bugzilla.redhat.com/show_bug.cgi?id=2486468
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46309.json



