CVE-2026-46197: Linux Kernel AMD KFD SVM Out-of-Bounds Buffer Access
A validation flaw exists in the Linux kernel's AMD KFD (Kernel Fusion Driver) component that handles GPU compute memory management. The SVM (Shared Virtual Memory) ioctl handler fails to properly validate a user-supplied attribute count field before using it to access a buffer, creating an opportunity for an unprivileged local user to read or write memory outside the intended boundaries. This is a local privilege escalation and information disclosure vulnerability that requires an attacker to already have user-level access to the system.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-787
- Affected products
- 2 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. (cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f)
7 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46197 is an out-of-bounds buffer access vulnerability in the drm/amdkfd SVM ioctl implementation. The nattr field—which specifies the number of attributes—is not validated against the actual buffer size before being used to index or iterate through memory. An attacker with local user privileges can craft a malicious ioctl call with an inflated nattr value, causing the kernel to access memory beyond the allocated buffer. This maps to CWE-787 (Out-of-bounds Write), though the vulnerability also enables out-of-bounds reads depending on access patterns. The fix validates nattr against the buffer size before processing.
Business impact
Exploitation allows local privilege escalation and potential information disclosure on systems running affected Linux kernel versions with AMD GPU drivers enabled. An attacker gaining code execution in the kernel context could compromise system confidentiality, integrity, and availability. For organizations relying on GPU-accelerated workloads (AI/ML, scientific computing, rendering), this vulnerability could be chained with other exploits to establish persistent control. The impact is limited to local attackers, but the HIGH severity reflects the breadth of control granted once the boundary is crossed.
Affected systems
The vulnerability affects all Linux kernel versions with the vulnerable SVM ioctl validation code path in drm/amdkfd. This component is present in kernels compiled with AMD KFD support enabled (CONFIG_HSA_AMD). Systems without AMD GPUs or with KFD disabled are not affected. The vulnerability was resolved via commit 5eca8bfdfa456c3304ca77523718fe24254c172f. Patch availability and version information should be verified against the specific Linux distribution's advisory.
Exploitability
Exploitability is straightforward for a local attacker already on the system. No special privileges beyond normal user rights are required to invoke the vulnerable ioctl. The vulnerability does not require user interaction and has low attack complexity—crafting a malicious ioctl payload is relatively simple given the nature of the flaw. However, the attacker must have local system access; remote exploitation is not possible. This is not tracked in the CISA KEV catalog, indicating no evidence of widespread active exploitation in the wild at this time.
Remediation
Organizations should apply kernel updates that include the fix from commit 5eca8bfdfa456c3304ca77523718fe24254c172f or later. This typically involves upgrading to patched stable kernel versions from your Linux distribution. Verify the specific version numbers against your vendor's security advisory. Interim mitigations include restricting local user access or disabling KFD if GPU compute workloads are not required, though this is impractical for most deployments.
Patch guidance
Contact your Linux distribution maintainer (Red Hat, Debian, Ubuntu, SUSE, etc.) or consult kernel.org security advisories for patched versions. The fix is available upstream and has been backported to stable branches. Apply patches according to your change management process, prioritizing systems with both AMD GPUs and local user access. Test patches in a staging environment first, particularly for GPU-accelerated workloads, to ensure driver stability and application compatibility.
Detection guidance
Monitor for unusual ioctl calls targeting /dev/kfd, particularly those with suspiciously large nattr values relative to buffer sizes. Kernel-level auditing of amdkfd ioctl invocations can surface exploit attempts. Host-based intrusion detection systems should flag processes attempting to trigger out-of-bounds memory access patterns in GPU driver code. System call tracing (strace) can reveal anomalous ioctl patterns, though detection at scale requires runtime monitoring solutions. Post-exploitation forensics should examine kernel logs for memory access violations or oops events.
Why prioritize this
This vulnerability merits HIGH priority because it enables local privilege escalation with low complexity exploitation, affecting the integrity and confidentiality of the entire system. While limited to local attackers, in multi-tenant GPU clusters or shared computing environments, the risk is acute. The presence of a simple validation fix suggests the issue is straightforward to exploit. Organizations with AMD GPUs in accessible systems (developer workstations, HPC clusters, cloud instances with GPU passthrough) should patch urgently.
Risk score, explained
The CVSS 3.1 score of 7.8 (HIGH) reflects high impact across confidentiality, integrity, and availability (all marked 'H'), combined with low attack complexity and no special privileges required. The local attack vector and user-level privileges reduce the maximum possible score, but the broad control granted upon exploitation justifies the HIGH severity rating. The score accurately captures a locally exploitable privilege escalation with serious post-exploitation capabilities.
Frequently asked questions
Does this vulnerability affect AMD GPUs in consumer systems?
Only if the Linux kernel was compiled with HSA_AMD (KFD) support enabled. Most desktop distributions do enable this by default if an AMD GPU is present. Check your kernel config or contact your distribution for specifics. Systems using only integrated graphics or non-AMD discrete GPUs are unaffected.
Can this be exploited remotely?
No. The vulnerability requires local system access to invoke the ioctl. Remote exploitation is not possible without first gaining shell or process execution on the target system.
What should I do if I cannot patch immediately?
Restrict local user shell access if feasible, disable KFD via module blacklisting if GPU compute is not needed, or isolate affected systems from untrusted users. For multi-user systems, monitor for suspicious ioctl activity. Patching should remain the priority.
Is this exploited in the wild?
No public evidence of active exploitation exists. The vulnerability is not tracked in the CISA Known Exploited Vulnerabilities catalog. However, the straightforward nature of the flaw makes it a logical post-access target in privilege escalation chains.
This analysis is based on public vulnerability data as of the stated publication date. Patch version numbers, affected releases, and CVSS scores are derived from authoritative vendor sources and should be verified against official Linux distribution security advisories before deployment decisions. This vulnerability requires local access and does not affect systems without AMD KFD support or AMD GPUs. No exploit code or weaponized proof-of-concept is discussed. Organizations should conduct their own risk assessment based on their specific kernel versions, GPU configurations, and threat model. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10883HIGHType Confusion in Chrome ANGLE Graphics Library
- CVE-2026-10897HIGHCritical Chrome GPU Sandbox Escape Vulnerability
- CVE-2026-10907HIGHChrome ANGLE Out-of-Bounds Write – Remote Code Execution Risk
- CVE-2026-10941HIGHSkia Out-of-Bounds Memory Vulnerability in Chrome – Urgent Patch Required
- CVE-2026-46123HIGHLinux Kernel Virtio Bluetooth Memory Disclosure Vulnerability
- CVE-2026-46136HIGHLinux MT7921 Wi-Fi Driver Buffer Underflow – Patching Guide
- CVE-2026-46145HIGHLinux Kernel RDMA/mana Buffer Overflow – Local Privilege Escalation
- CVE-2026-46173HIGHLinux Kernel Task Exit Scheduler Vulnerability (CVSS 7.8)