CVE-2026-46220 Overview
CVE-2026-46220 affects the Linux kernel's AMD GPU driver, specifically the SDMA (System DMA) v4.0 ring fence emission path. The function sdma_v4_0_ring_emit_fence() contained two BUG_ON(addr & 0x3) assertions verifying that fence writeback addresses are dword-aligned. Unprivileged userspace processes can reach these assertions via crafted DRM_IOCTL_AMDGPU_CS submissions, triggering a fatal kernel panic in a scheduler worker thread. The upstream fix replaces both BUG_ON() calls with WARN_ON() so misalignment is logged without crashing the kernel. The issue is classified as a local denial-of-service vulnerability reachable from any user with access to the AMD GPU DRM device node.
Critical Impact
Unprivileged local users can trigger a kernel panic on systems with AMD GPUs using the amdgpu driver, resulting in a full system denial of service.
Affected Products
- Linux kernel versions containing sdma_v4_0_ring_emit_fence() in the drm/amdgpu/sdma4 driver
- Systems using AMD GPUs supported by the SDMA v4.0 hardware block (Vega, Raven, Renoir families)
- Linux distributions shipping affected stable kernel branches prior to the cherry-picked fix b90250bd933afd1ba94d86d6b13821997b22b18e
Discovery Timeline
- 2026-05-28 - CVE-2026-46220 published to NVD
- 2026-05-28 - Last updated in NVD database
Technical Details for CVE-2026-46220
Vulnerability Analysis
The vulnerability resides in the AMD GPU driver's SDMA v4.0 ring fence emission callback. When the kernel issues a fence to the SDMA ring, sdma_v4_0_ring_emit_fence() validates that the writeback address is aligned to a dword boundary using BUG_ON(addr & 0x3). The BUG_ON() macro triggers an unrecoverable kernel panic when the condition is true.
The assertion executes inside a GPU scheduler worker thread, which runs in kernel context. Reaching the assertion from the DRM_IOCTL_AMDGPU_CS command submission ioctl means an unprivileged process holding a file descriptor to /dev/dri/card* or /dev/dri/renderD* can panic the host. The fix downgrades the assertion to WARN_ON(), which logs the misalignment without halting execution.
Root Cause
The root cause is the misuse of BUG_ON() for input that is influenced by userspace. Kernel coding practice reserves BUG_ON() for invariants that should be unreachable under any input. Because the fence address parameter flows from DRM_IOCTL_AMDGPU_CS submissions, the assertion is reachable by attackers and must not crash the kernel.
Attack Vector
An attacker with access to the AMD GPU device nodes submits a crafted command stream through DRM_IOCTL_AMDGPU_CS that produces a misaligned fence writeback address. The driver enqueues the work to the GPU scheduler. When the scheduler worker invokes sdma_v4_0_ring_emit_fence(), the BUG_ON() assertion fires and panics the kernel. No elevated privileges are required beyond access to the DRM render node, which is typically granted to logged-in users via the video or render group.
The vulnerability mechanism is documented in the upstream commit. See the Linux Kernel Commit 0b91ea46 and related stable backports for the patch contents.
Detection Methods for CVE-2026-46220
Indicators of Compromise
- Kernel panic messages referencing sdma_v4_0_ring_emit_fence in the call stack on systems with AMD GPUs
- Unexpected system reboots correlated with active graphics or compute workloads from unprivileged users
- BUG: entries in dmesg or /var/log/kern.log originating from the amdgpu driver and GPU scheduler worker threads
Detection Strategies
- Monitor kernel ring buffer output for BUG_ON or WARN_ON events tied to sdma_v4_0 symbols
- Audit running kernel versions against the patched commits across all hosts with AMD GPUs
- Correlate user sessions with crash dumps to identify processes issuing malformed DRM_IOCTL_AMDGPU_CS calls
Monitoring Recommendations
- Centralize dmesg and kdump collection from Linux endpoints and servers using AMD discrete or integrated GPUs
- Alert on repeated GPU scheduler faults or amdgpu driver errors preceding host reboots
- Track process-level access to /dev/dri/render* and /dev/dri/card* device nodes for anomalous ioctl patterns
How to Mitigate CVE-2026-46220
Immediate Actions Required
- Apply the upstream stable kernel update containing cherry-pick b90250bd933afd1ba94d86d6b13821997b22b18e as soon as your distribution publishes it
- Restrict access to /dev/dri/render* and /dev/dri/card* to trusted users only on multi-user systems
- Inventory hosts running AMD GPUs with the amdgpu driver loaded and prioritize patching for shared or multi-tenant systems
Patch Information
The fix replaces both BUG_ON(addr & 0x3) calls in sdma_v4_0_ring_emit_fence() with WARN_ON(), preventing kernel panics from misaligned fence addresses. Patches are available across multiple stable branches. See Linux Kernel Commit 0b91ea46, Linux Kernel Commit 4f7ca00f, Linux Kernel Commit 78d2e624, Linux Kernel Commit a4fd82fb, and Linux Kernel Commit d331fb24 for the backports.
Workarounds
- Remove untrusted users from the video and render groups to limit DRM device node access
- Where AMD GPU acceleration is unnecessary, unload the amdgpu module or blacklist it to eliminate the attack surface
- On container hosts, avoid exposing /dev/dri/* device nodes into untrusted workloads
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
