CVE-2026-46229
MEDIUMdrm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.
References (5)
Core 5
Core References
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (27)
linux/Kernel
5.4.0 - 6.6.140linux
linux/Kernel
6.13.0 - 6.18.32linux
linux/Kernel
6.19.0 - 7.0.9linux
linux/Kernel
6.7.0 - 6.12.90linux
Linux/Linux
< 5.4
Linux/Linux
< 6.12.90
Linux/Linux
< 6.18.32
Linux/Linux
< 6.6.140
Linux/Linux
< 7.0.9
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
... and 17 more
Published
May 28, 2026
Tracked Since
May 28, 2026