Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-46309

Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
08/06/2026
Última modificación:
08/07/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise<br /> <br /> Add validation in xe_vm_madvise_ioctl() to reject PAT indices with<br /> XE_COH_NONE coherency mode when applied to CPU cached memory.<br /> <br /> Using coh_none with CPU cached buffers is a security issue. When the<br /> kernel clears pages before reallocation, the clear operation stays in<br /> CPU cache (dirty). GPU with coh_none can bypass CPU caches and read<br /> stale sensitive data directly from DRAM, potentially leaking data from<br /> previously freed pages of other processes.<br /> <br /> This aligns with the existing validation in vm_bind path<br /> (xe_vm_bind_ioctl_validate_bo).<br /> <br /> v2(Matthew brost)<br /> - Add fixes<br /> - Move one debug print to better place<br /> <br /> v3(Matthew Auld)<br /> - Should be drm/xe/uapi<br /> - More Cc<br /> <br /> v4(Shuicheng Lin)<br /> - Fix kmem leak issues by the way<br /> <br /> v5<br /> - Remove kmem leak because it has been merged by another patch<br /> <br /> v6<br /> - Remove the fix which is not related to current fix<br /> <br /> v7<br /> - No change<br /> <br /> v8<br /> - Rebase<br /> <br /> v9<br /> - Limit the restrictions to iGPU<br /> <br /> v10<br /> - No change<br /> <br /> (cherry picked from commit 016ccdb674b8c899940b3944952c96a6a490d10a)

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.18 (incluyendo) 6.18.32 (excluyendo)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (incluyendo) 7.0.9 (excluyendo)
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*