SB2026052964 - Improper Initialization in Linux kernel amd amdgpu driver



SB2026052964 - Improper Initialization in Linux kernel amd amdgpu driver

Published: May 29, 2026

Security Bulletin ID SB2026052964
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Initialization (CVE-ID: CVE-2026-46229)

CWE-ID: CWE-665 - Improper Initialization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper initialization in the KFD VRAM allocation path when allocating VRAM buffers for compute kernels. A local user can allocate VRAM buffers and observe stale data from prior use to disclose sensitive information.

Stale page table remnants may be exposed in user buffers.


Remediation

Install update from vendor's website.