Linux Kernel DRM KFD VRAM Stale Data Leak in Allocation Path
CVE-2026-46229 Published on May 28, 2026
drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE
but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated
VRAM with stale data from prior use observable by compute kernels.
The GEM ioctl path already sets VRAM_CLEARED for all userspace
allocations via amdgpu_gem_create_ioctl() and
amdgpu_mode_dumb_create(). The KFD path was missing this flag,
allowing stale page table remnants to leak into user buffers.
This causes crashes in RCCL P2P transport where non-zero data in
ptrExchange/head/tail fields corrupts the protocol handshake.
Products Associated with CVE-2026-46229
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 6856e4b65f64eeb3f17148f79b36c1d60c627529 and below 1db431380879fd9d28b763a88a0c0431be5be8df is affected.
- Version 6856e4b65f64eeb3f17148f79b36c1d60c627529 and below 32b153658f017ad2f5bf8aab479e8d16ac95bc3a is affected.
- Version 6856e4b65f64eeb3f17148f79b36c1d60c627529 and below 77d0b5d11387071770246fd0185a69fa28e8e109 is affected.
- Version 6856e4b65f64eeb3f17148f79b36c1d60c627529 and below 047d44d8d29a6a1a5757256837aa9dd78e3cd0b5 is affected.
- Version 6856e4b65f64eeb3f17148f79b36c1d60c627529 and below ad52d61d82181dbdb7f05826de38352d5e550cc2 is affected.
- Version 5.4 is affected.
- Before 5.4 is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.90, <= 6.12.* is unaffected.
- Version 6.18.32, <= 6.18.* is unaffected.
- Version 7.0.9, <= 7.0.* is unaffected.
- Version 7.1-rc1, <= * is unaffected.