CVE-2026-46309

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/uapi: Reject coh none PAT index for CPU cached memory in madvise

Add validation in xe vm madvise ioctl() to reject PAT indices with XE COH NONE coherency mode when applied to CPU cached memory.

Using coh none with CPU cached buffers is a security issue. When the kernel clears pages before reallocation, the clear operation stays in CPU cache (dirty). GPU with coh none can bypass CPU caches and read stale sensitive data directly from DRAM, potentially leaking data from previously freed pages of other processes.

This aligns with the existing validation in vm bind path (xe vm bind ioctl validate bo).

v2(Matthew brost)

Add fixes
Move one debug print to better place

v3(Matthew Auld)

Should be drm/xe/uapi
More Cc

v4(Shuicheng Lin)

Fix kmem leak issues by the way

Remove kmem leak because it has been merged by another patch

Remove the fix which is not related to current fix

No change

Rebase

Limit the restrictions to iGPU

v10

No change

(cherry picked from commit 016ccdb674b8c899940b3944952c96a6a490d10a)

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-46309

Affected Products

Linux

CVE-2026-46309

Related Identifiers

Affected Products

References · 4