CVE-2026-46220: Linux AMDGPU Kernel Panic DoS Vulnerability
A vulnerability in the Linux kernel's AMD GPU driver allows an unprivileged user to crash the system by submitting specially crafted graphics commands. The driver was using an overly aggressive error check (BUG_ON) that would panic the entire kernel when it detected a misaligned memory address—even though the real fix should have happened earlier in the validation pipeline. By replacing these fatal assertions with warnings, the system can log the problem without crashing, while proper validation is moved to the correct layer of the code.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-617
- Affected products
- 3 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged userspace via crafted DRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a scheduler worker thread. Replace both BUG_ON() calls with WARN_ON() to log the condition without crashing the kernel. A misaligned fence address at this point indicates a driver bug, but crashing the kernel is never the correct response when the assertion is reachable from userspace. The CS IOCTL path is the correct place to filter invalid submissions; the ring emission callback is too late to do anything about it. (cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)
8 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46220 affects the AMDGPU SDMA v4.0 ring emission code in the Linux kernel. The sdma_v4_0_ring_emit_fence() function contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions are reachable from unprivileged userspace via the DRM_IOCTL_AMDGPU_CS ioctl path, which accepts compute shader job submissions. A crafted submission with a misaligned fence address triggers the assertion, causing a kernel panic in the scheduler worker thread. The fix converts both BUG_ON() calls to WARN_ON() calls, allowing the condition to be logged without terminating the kernel. Proper validation should occur at the CS ioctl entry point rather than during ring emission.
Business impact
This vulnerability enables a local denial-of-service attack against systems running affected Linux kernels with AMDGPU support. Any unprivileged local user can crash the entire operating system, disrupting services and potentially causing data loss from ungraceful shutdown. On multi-tenant systems, container hosts, or shared compute platforms, this poses a significant availability risk. The attack requires no special privileges, authentication, or system access beyond basic user-level ioctl permissions.
Affected systems
Linux kernel systems with AMD GPU (AMDGPU) driver support. The specific code path affected is sdma_v4_0_ring_emit_fence() in the SDMA v4.0 ring code. Any kernel version including this function without the fix is vulnerable. Systems using AMDGPU for graphics or compute (including RDNA, NAVI, and earlier GPU families supported by SDMA v4) are affected. Non-AMDGPU systems are not vulnerable.
Exploitability
Exploitability is straightforward for local attackers. The attack vector is a standard DRM ioctl that any unprivileged user can invoke. No special kernel capabilities, driver compilation flags, or hardware configuration is required—only local user access and the ability to execute code or use command-line tools. Proof-of-concept exploitation requires crafting a DRM_IOCTL_AMDGPU_CS command with a misaligned fence address, which is well within reach of a motivated attacker. Remote exploitation is not possible.
Remediation
Apply the kernel patch that replaces the two BUG_ON(addr & 0x3) assertions in sdma_v4_0_ring_emit_fence() with WARN_ON(addr & 0x3) equivalents. Additionally, ensure that proper validation of fence addresses occurs at the CS ioctl entry point before reaching the ring emission callback. Verify that your Linux distribution or kernel vendor has included commit b90250bd933afd1ba94d86d6b13821997b22b18e or an equivalent fix in their kernel builds. This is a low-complexity fix that should be backported to all stable kernel series.
Patch guidance
Verify the kernel version installed on affected systems and cross-reference against your Linux distribution or vendor's security advisory for the patched kernel version. The upstream fix was cherry-picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e. Most distributions (Red Hat, Debian, Ubuntu, etc.) will backport this fix to their stable branches. Check your distribution's errata or security notices for the specific patched kernel build. Kernel rebuild or in-place kernel update may be required; plan reboot maintenance accordingly.
Detection guidance
Monitor system logs (dmesg, journalctl) for WARN_ON messages from sdma_v4_0_ring_emit_fence() that include misaligned address conditions. An increase in such warnings may indicate active exploitation attempts. On patched systems, the kernel will continue running and emit a warning instead of panicking, making this detectable. Intrusion detection systems can monitor for suspicious DRM_IOCTL_AMDGPU_CS submissions, though distinguishing malicious from benign usage may be challenging. Most effective detection is via kernel crash dumps: if an unpatched system crash correlates with graphics-related stack traces, this vulnerability may be the cause.
Why prioritize this
Although the CVSS score is moderate (5.5), the ease of exploitation and immediate impact warrant prioritization. Any unprivileged user can crash the entire system without race conditions or complex techniques, making this a high-availability risk. Organizations relying on AMDGPU compute or graphics must patch urgently. Systems in high-availability environments, shared hosting, or unattended compute clusters should be prioritized first.
Risk score, explained
CVSS 3.1 score of 5.5 (Medium severity) reflects a local-only attack vector (AV:L), low complexity (AC:L), low privilege requirement (PR:L), and high availability impact (A:H) with no confidentiality or integrity consequences. The score appropriately captures the severity of a local DoS, though the ease of exploitation and lack of any mitigating factors elevate practical risk beyond the numerical score for many environments. Organizations should weigh their exposure to local attackers and system criticality accordingly.
Frequently asked questions
Can this vulnerability be exploited remotely?
No. The attack requires local user access to the system and the ability to invoke DRM ioctls. There is no network-based exploitation vector.
Do systems without AMD GPUs need to patch?
No. The vulnerable code is specific to the AMDGPU driver. Systems using NVIDIA, Intel integrated graphics, or other non-AMD GPUs are not affected. Verify your GPU driver configuration if uncertain.
What happens on a patched system if misaligned fence addresses are submitted?
The kernel logs a warning message (via WARN_ON) and continues execution. The submission may still fail validation at the correct layer (CS ioctl), but the system will not panic. This is the intended safe behavior.
Is this a privilege escalation vulnerability?
No. It is a denial-of-service vulnerability. A low-privilege user can crash the system but cannot gain elevated privileges, read protected memory, or modify kernel data structures.
This analysis is provided for informational purposes to assist security professionals in risk assessment and remediation planning. The vulnerability details and patch information originate from Linux kernel security advisories and commit records. Always verify patch availability and compatibility against your specific Linux distribution and kernel version through official vendor channels. While this vulnerability is not currently tracked on CISA's KEV catalog and does not have an assigned ransomware association, its ease of exploitation warrants rapid remediation in affected environments. Actual exploitation may vary based on system configuration, access controls, and kernel hardening measures in place. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-46117HIGHLinux RDMA/mana Kernel Privilege Escalation via Invalid Queue Pair Configuration
- CVE-2026-10300LOWSGLang Inference Endpoint Assertion Failure Vulnerability (CWE-617)
- CVE-2026-37220HIGHFlexRIC v2.0.0 Denial of Service via SCTP Assertion Failure
- CVE-2026-37221HIGHFlexRIC v2.0.0 Unauthenticated Denial-of-Service via RIC Message Crash
- CVE-2026-37222HIGHFlexRIC E2AP Denial-of-Service Vulnerability – Analysis & Remediation
- CVE-2026-37223HIGHFlexRIC E2AP Dispatcher Assertion DoS – High-Severity O-RAN Vulnerability
- CVE-2026-37224HIGHFlexRIC v2.0.0 Denial of Service Vulnerability (CVE-2026-37224) — E2_SETUP_REQUEST Crash
- CVE-2026-37225HIGHFlexRIC v2.0.0 Remote Denial of Service