CVE-2026-46229

MEDIUM

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (27)
linux/Kernel 5.4.0 - 6.6.140linux
linux/Kernel 6.13.0 - 6.18.32linux
linux/Kernel 6.19.0 - 7.0.9linux
linux/Kernel 6.7.0 - 6.12.90linux
Linux/Linux < 5.4
Linux/Linux < 6.12.90
Linux/Linux < 6.18.32
Linux/Linux < 6.6.140
Linux/Linux < 7.0.9
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
... and 17 more
Published May 28, 2026
Tracked Since May 28, 2026