What is CVE-2026-46229?

CVE-2026-46229 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.4 onward and patched in 6.6.140, 6.12.90, 6.18.32 and others. CVE-2026-46229 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46229?

CVE-2026-46229 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46229?

Yes, CVE-2026-46229 has been patched. Fixed versions include 6.6.140, 6.12.90, 6.18.32 and others. If you are running Linux kernel 5.4 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46229 actively exploited?

CVE-2026-46229 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use observable by compute kernels. The GEM ioctl path already sets VRAM_CLEARED for all userspace allocations via amdgpu_gem_create_ioctl() and amdgpu_mode_dumb_create(). The KFD path was missing this flag, allowing stale page table remnants to leak into user buffers. This causes crashes in RCCL P2P transport where non-zero data in ptrExchange/head/tail fields corrupts the protocol handshake.

Package Linux Kernel

Published 2026-05-28

Last modified 2026-05-28

Patch available

Yes

Affected versions

Linux kernel versions 5.4 and later are affected. Fixed in 6.6.140, 6.12.90, 6.18.32, 7.0.9, 7.1-rc1 and their respective stable series.

Affected from

≥ 5.4

Fixed in

✓ 6.6.140 6.6.x ✓ 6.12.90 6.12.x ✓ 6.18.32 6.18.x ✓ 7.0.9 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46229 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/047d44d8d29a6a1a5757256837aa9dd78e3cd0b5
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1db431380879fd9d28b763a88a0c0431be5be8df
Patch
Kernel patch commit
https://git.kernel.org/stable/c/32b153658f017ad2f5bf8aab479e8d16ac95bc3a
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46229?

CVE-2026-46229 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.4 onward and has been patched in 6.6.140, 6.12.90, 6.18.32 and others. CVE-2026-46229 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46229?

Yes — CVE-2026-46229 has been patched. Fixed versions include 6.6.140, 6.12.90, 6.18.32 and others. If you are running Linux kernel 5.4 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46229 actively exploited?

No — CVE-2026-46229 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.