Improper Initialization in Linux kernel - CVE-2026-46229

 


Published: May 29, 2026


Vulnerability identifier: #VU132964
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46229
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper initialization in the KFD VRAM allocation path when allocating VRAM buffers for compute kernels. A local user can allocate VRAM buffers and observe stale data from prior use to disclose sensitive information.

Stale page table remnants may be exposed in user buffers.


How to mitigate CVE-2026-46229

Install the security update from the vendor's repository.
