drm/amdgpu: fix zero-size GDS range init on RDNA4

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-46276
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-06-08 17:16:45 UTC
Updated2026-06-08 17:16:45 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. The gfx_v12_0 initialisation code correctly leaves adev->gds.gds_size, adev->gds.gws_size, and adev->gds.oa_size at zero to reflect this. amdgpu_ttm_init() unconditionally calls amdgpu_ttm_init_on_chip() for each of these resources regardless of size. When the size is zero, amdgpu_ttm_init_on_chip() forwards the call to ttm_range_man_init(), which calls drm_mm_init(mm, 0, 0). drm_mm_init() immediately fires DRM_MM_BUG_ON(start + size <= start) -- trivially true when size is zero -- crashing the kernel during modprobe of amdgpu on an RX 9070 XT. Guard against this by returning 0 early from amdgpu_ttm_init_on_chip() when size_in_page is zero. This skips TTM resource manager registration for hardware resources that are absent, without affecting any other GPU type. DRM_MM_BUG_ON() only asserts if CONFIG_DRM_DEBUG_MM is enabled in the kernel config. This is apparently rarely enabled as these chips have been in the market for over a year and this issue was only reported now. Oops-Analysis: http://oops.fenrus.org/reports/bugzilla.korg/221376/report.html (cherry picked from commit 5719ce5865279cad4fd5f01011fe037168503f2d)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1f5d33e7b0a9a2a140f46e22fb52eede323c5946 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 9bc925759c05feae7dfa9570e77131d54729c8ea git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 36f9602fb22ede69fcc8b422be0cf8105bf655ad git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 be0376affcafa0bbb371bb501579a825eae32281 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 0e21db1a77967bc15df662efdca8ea8a61d124ea git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 30c000a49094ec568c9b51b7421f7a4a3f0b0298 git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 3e26c76891ab99fa173e9c501119fbb5c9f4600f git Not specified
CNA Linux Linux affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 095a8b0ad3c3b5cdc3850d961adb8a8f735220bb git Not specified
CNA Linux Linux affected 5.10.258 semver Not specified
CNA Linux Linux affected 5.15.209 semver Not specified
CNA Linux Linux affected 6.1.175 semver Not specified
CNA Linux Linux affected 6.6.140 semver Not specified
CNA Linux Linux affected 6.12.86 semver Not specified
CNA Linux Linux affected 6.18.27 semver Not specified
CNA Linux Linux affected 7.0.4 semver Not specified
CNA Linux Linux unaffected 5.10.258 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.209 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.140 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.86 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.27 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.4 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1-rc2 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/9bc925759c05feae7dfa9570e77131d54729c8ea 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/0e21db1a77967bc15df662efdca8ea8a61d124ea 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/1f5d33e7b0a9a2a140f46e22fb52eede323c5946 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/be0376affcafa0bbb371bb501579a825eae32281 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/30c000a49094ec568c9b51b7421f7a4a3f0b0298 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/36f9602fb22ede69fcc8b422be0cf8105bf655ad 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/3e26c76891ab99fa173e9c501119fbb5c9f4600f 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report