CVE-2026-46229
Status: Received - Intake
Memory Corruption in AMDGPU KFD VRAM Allocation

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels.

The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers.

This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.
CVSS Scores: none assigned at the time of publication
EPSS Score: not yet evaluated
Affected Vendors & Products (1 associated CPE)
Vendor: amd
Product: linux_kernel
Version / Range: * (no fixed version is recorded on this page)
CWE ID: CWE-UNKNOWN (no weakness classification assigned at the time of publication; the behaviour described, memory handed out without clearing the previous occupant's contents, corresponds to CWE-226, Sensitive Information in Resource Not Removed Before Reuse)
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved in the Linux kernel's drm/amdkfd component by clearing VRAM on allocation, so that a fresh KFD buffer can no longer expose whatever occupied that VRAM before it.

Update to a Linux kernel that includes the fix, i.e. one in which the KFD VRAM allocation path sets AMDGPU_GEM_CREATE_VRAM_CLEARED alongside AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE. This page records no fixed kernel version, so check your distribution's advisory for the backport. Until the updated kernel is deployed, applications that allocate VRAM through KFD (ROCm/HIP workloads) can zero their buffers themselves right after allocation; that removes the RCCL handshake corruption but does not stop a process from reading the stale contents before it clears them, so it is not a substitute for the kernel fix on hosts where a GPU is shared between users or tenants.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's drm/amdkfd component, the KFD (Kernel Fusion Driver) path that ROCm compute workloads use to allocate GPU memory. KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE, which zeroes a buffer when it is freed, but not AMDGPU_GEM_CREATE_VRAM_CLEARED, which zeroes a buffer when it is allocated. Wipe-on-release only protects against data left behind by buffers that themselves carried that flag; VRAM that was last used by something else, such as the driver's own GPU page tables, is handed to the new allocation untouched. Freshly allocated VRAM could therefore contain stale data from previous uses, observable by any compute kernel that reads the buffer before writing it.

The GEM ioctl path (amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create()) already sets VRAM_CLEARED for all userspace allocations; the KFD path was missing it, allowing stale page table remnants to leak into user buffers. The visible symptom was crashes in the RCCL P2P transport, whose ptrExchange/head/tail fields are assumed to start at zero: non-zero stale data in them corrupts the protocol handshake.
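To make concrete why WIPE_ON_RELEASE alone does not close the hole, here is a small C model written for this page; it is not code from the kernel, from AMD or from RCCL. The two flag names are the real AMDGPU GEM UAPI names, but their bit values are assumed (recalled from include/uapi/drm/amdgpu_drm.h; only their distinctness matters here), the VRAM pool and its allocate/free behaviour are a constructed model of the driver's fill-on-allocate and wipe-on-release, and the helper names (kfd_flags_before_fix, stale_after_page_tables, and so on) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Real UAPI flag names; bit values are an assumption for this model only. */
#define AMDGPU_GEM_CREATE_VRAM_CLEARED         (1u << 3)
#define AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE (1u << 9)

#define VRAM_SIZE 64 /* bytes of modelled VRAM; every allocation reuses offset 0 */

struct vram_pool {
    uint8_t mem[VRAM_SIZE];
};

struct vram_bo {
    struct vram_pool *pool;
    size_t off;
    size_t size;
    uint32_t flags;
};

/* Allocation: VRAM is handed out as-is unless VRAM_CLEARED asks for a fill. */
static struct vram_bo vram_alloc(struct vram_pool *p, size_t size, uint32_t flags)
{
    struct vram_bo bo = { p, 0, size, flags };
    if (flags & AMDGPU_GEM_CREATE_VRAM_CLEARED)
        memset(p->mem + bo.off, 0, size);
    return bo;
}

/* Release: the wipe happens only if the buffer being freed carried the flag. */
static void vram_free(struct vram_bo *bo)
{
    if (bo->flags & AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE)
        memset(bo->pool->mem + bo->off, 0, bo->size);
    bo->pool = NULL;
}

/* What a compute kernel reading the fresh buffer before writing it observes. */
static size_t count_nonzero(const struct vram_bo *bo)
{
    size_t n = 0;
    for (size_t i = 0; i < bo->size; i++)
        n += bo->pool->mem[bo->off + i] != 0;
    return n;
}

/* Previous occupant: kernel-internal GPU page tables, allocated with no wipe
 * flag and filled with constructed PTE-like values. This is the "stale page
 * table remnants" source named in the advisory. */
static void previous_use_page_tables(struct vram_pool *p)
{
    struct vram_bo pt = vram_alloc(p, VRAM_SIZE, 0);
    for (size_t i = 0; i < pt.size; i++)
        pt.pool->mem[pt.off + i] = (uint8_t)(0xA0 | (i & 0x0F));
    vram_free(&pt);
}

/* Previous occupant: an earlier KFD user buffer, which did carry WIPE_ON_RELEASE. */
static void previous_use_kfd_buffer(struct vram_pool *p)
{
    struct vram_bo prev = vram_alloc(p, VRAM_SIZE, AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE);
    memset(prev.pool->mem + prev.off, 0x55, prev.size);
    vram_free(&prev);
}

/* Flags the KFD allocation path used before and after the fix (hypothetical helpers). */
uint32_t kfd_flags_before_fix(void) { return AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE; }
uint32_t kfd_flags_after_fix(void)
{
    return AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE | AMDGPU_GEM_CREATE_VRAM_CLEARED;
}

/* Stale bytes a new KFD buffer exposes, given its flags and the VRAM's previous use. */
size_t stale_bytes(uint32_t kfd_flags, void (*previous_use)(struct vram_pool *))
{
    struct vram_pool pool;
    memset(&pool, 0, sizeof pool);
    previous_use(&pool);
    struct vram_bo user = vram_alloc(&pool, VRAM_SIZE, kfd_flags);
    size_t n = count_nonzero(&user);
    vram_free(&user);
    return n;
}

size_t stale_after_page_tables(uint32_t f) { return stale_bytes(f, previous_use_page_tables); }
size_t stale_after_kfd_buffer(uint32_t f)  { return stale_bytes(f, previous_use_kfd_buffer); }

int main(void)
{
    printf("after page tables, before fix: %zu stale bytes\n", stale_after_page_tables(kfd_flags_before_fix()));
    printf("after page tables, after fix:  %zu stale bytes\n", stale_after_page_tables(kfd_flags_after_fix()));
    printf("after KFD buffer,  before fix: %zu stale bytes\n", stale_after_kfd_buffer(kfd_flags_before_fix()));
    return 0;
}
```

The third case is the one that explains why the bug went unnoticed for ordinary KFD-to-KFD reuse: a previous user buffer wiped itself on release, so the next allocation looked clean. Only when the previous occupant was something that never set the wipe flag, such as the driver's page tables, did the missing clear-on-allocate become observable.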


How can this vulnerability impact me?

The direct impact is an information leak: stale VRAM contents, including remnants of GPU page tables and potentially data left by earlier workloads, become readable by compute kernels that never wrote them. On a host where one GPU is shared between several processes, users or tenants, that is a disclosure boundary being crossed.

The second impact is availability: stale non-zero data in the RCCL P2P transport's ptrExchange/head/tail handshake fields corrupts the protocol and crashes the transport, so multi-GPU collective workloads built on RCCL can fail or become unstable until the fix is applied.

