Linux · Linux · CVE-2026-45878
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
An issue exists in the drm/amdkfd component where the address watch clear code receives `watch id` as an unsigned value, but certain helper functions use a signed integer. When a very large `watch id` is passed from userspace, it can be converted to a negative value, leading to invalid shifts and potential memory access outside the `watch points` array. Specifically, the function `kfd dbg trap clear dev address watch()` fails to properly validate the `watch id` via `kfd dbg owns dev watch id()`, which can result in a buffer overflow if the value exceeds the maximum signed integer limit.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.