Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46229

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-28 May, 2026 | 09:40
Updated At-28 May, 2026 | 09:40
Rejected At-
Credits

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:28 May, 2026 | 09:40
Updated At:28 May, 2026 | 09:40
Rejected At:
▼CVE Numbering Authority (CNA)
drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
Default Status
unaffected
Versions
Affected
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1db431380879fd9d28b763a88a0c0431be5be8df (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 32b153658f017ad2f5bf8aab479e8d16ac95bc3a (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 77d0b5d11387071770246fd0185a69fa28e8e109 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 047d44d8d29a6a1a5757256837aa9dd78e3cd0b5 (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ad52d61d82181dbdb7f05826de38352d5e550cc2 (git)
  • From 0 before 6.6.140 (semver)
  • From 0 before 6.12.90 (semver)
  • From 0 before 6.18.32 (semver)
  • From 0 before 7.0.9 (semver)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
Default Status
affected
Versions
Unaffected
  • From 6.6.140 through 6.6.* (semver)
  • From 6.12.90 through 6.12.* (semver)
  • From 6.18.32 through 6.18.* (semver)
  • From 7.0.9 through 7.0.* (semver)
  • From 7.1-rc1 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df
N/A
https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a
N/A
https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109
N/A
https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
N/A
https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2
N/A
Hyperlink: https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:28 May, 2026 | 10:16
Updated At:28 May, 2026 | 10:16

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
Hyperlink: https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found