SB2026052964 - Improper Initialization in Linux kernel amd amdgpu driver
Published: May 29, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Initialization (CVE-ID: CVE-2026-46229)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper initialization in the KFD VRAM allocation path when allocating VRAM buffers for compute kernels. A local user can allocate VRAM buffers and observe stale data from prior use to disclose sensitive information.
Stale page table remnants may be exposed in user buffers.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
- https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df
- https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a
- https://git.kernel.org/stable/c/77d0b5d11387071770246fd0185a69fa28e8e109
- https://git.kernel.org/stable/c/ad52d61d82181dbdb7f05826de38352d5e550cc2