CVE-2026-46220

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission

sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions
that verify fence writeback addresses are dword-aligned. These
assertions can be reached from unprivileged userspace via crafted
DRM_IOCTL_AMDGPU_CS submissions, causing a fatal kernel panic in a
scheduler worker thread.

Replace both BUG_ON() calls with WARN_ON() to log the condition without
crashing the kernel. A misaligned fence address at this point indicates
a driver bug, but crashing the kernel is never the correct response when
the assertion is reachable from userspace.

The CS IOCTL path is the correct place to filter invalid submissions;
the ring emission callback is too late to do anything about it.

(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)

https://git.kernel.org/stable/c/0b91ea46bb68abf98a082bf2390…

https://git.kernel.org/stable/c/0b91ea46bb68abf98a082bf239092253bbd6aaa2

https://git.kernel.org/stable/c/4f7ca00fa91daf0795ec6b3b130…

https://git.kernel.org/stable/c/4f7ca00fa91daf0795ec6b3b130c5ebba1f155fe

https://git.kernel.org/stable/c/78d2e624fa073c14970aa097adc…

https://git.kernel.org/stable/c/78d2e624fa073c14970aa097adcf3ea31c157a66

https://git.kernel.org/stable/c/a4fd82fb0757c180bf622907397…

https://git.kernel.org/stable/c/a4fd82fb0757c180bf622907397c528b89a827b2

https://git.kernel.org/stable/c/d331fb241a4602253976ddd6514…

https://git.kernel.org/stable/c/d331fb241a4602253976ddd65144a8ba2b05665d

CVE-2026-46220

Description

Iscriviti alla newsletter