Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE
but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated
VRAM with stale data from prior use observable by compute kernels.

The GEM ioctl path already sets VRAM_CLEARED for all userspace
allocations via amdgpu_gem_create_ioctl() and
amdgpu_mode_dumb_create(). The KFD path was missing this flag,
allowing stale page table remnants to leak into user buffers.

This causes crashes in RCCL P2P transport where non-zero data in
ptrExchange/head/tail fields corrupts the protocol handshake.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allowed compute kernels with access to AMDGPU VRAM to read stale data that remained from previous allocations before the buffer was wiped, exposing potentially sensitive information and causing crashes when pointer exchange fields were corrupted. This is an information exposure flaw that could allow privileged users to leak data from GPU memory.

Affected Systems

Linux kernel across all distributions. No specific fixed version is listed in the CVE data; the patch is incorporated via the provided commit hashes.

Risk and Exploitability

The issue is local to systems running the AMD Kernel Fusion Driver. An attacker who can execute compute kernels on the affected host could read stale VRAM content. Although EPSS and KEV data are not available, the flaw has a high potential impact for privileged users and requires timely remediation.

Generated by OpenCVE AI on May 28, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the patch (e.g., after the commits shown in the reference URLs).
  • If a kernel update cannot be applied immediately, disable or refrain from using KFD compute workloads until the kernel is updated.
  • Keep AMD GPU drivers and firmware up to date, as they may contain additional mitigations for VRAM handling.

Generated by OpenCVE AI on May 28, 2026 at 12:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-548

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.
Title drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:40:51.300Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46229

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:38.520

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46229

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T17:30:15Z

Weaknesses