CVE-2026-46220

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/sdma4: replace BUG ON with WARN ON in fence emission

sdma v4 0 ring emit fence() contains two BUG ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged userspace via crafted DRM IOCTL AMDGPU CS submissions, causing a fatal kernel panic in a scheduler worker thread.

Replace both BUG ON() calls with WARN ON() to log the condition without crashing the kernel. A misaligned fence address at this point indicates a driver bug, but crashing the kernel is never the correct response when the assertion is reachable from userspace.

The CS IOCTL path is the correct place to filter invalid submissions; the ring emission callback is too late to do anything about it.

(cherry picked from commit b90250bd933afd1ba94d86d6b13821997b22b18e)