{"id":"CVE-2026-46276","summary":"drm/amdgpu: fix zero-size GDS range init on RDNA4","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix zero-size GDS range init on RDNA4\n\nRDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory\nresources. The gfx_v12_0 initialisation code correctly leaves\nadev-\u003egds.gds_size, adev-\u003egds.gws_size, and adev-\u003egds.oa_size at\nzero to reflect this.\n\namdgpu_ttm_init() unconditionally calls amdgpu_ttm_init_on_chip() for\neach of these resources regardless of size. When the size is zero,\namdgpu_ttm_init_on_chip() forwards the call to ttm_range_man_init(),\nwhich calls drm_mm_init(mm, 0, 0). drm_mm_init() immediately fires\nDRM_MM_BUG_ON(start + size \u003c= start) -- trivially true when size is\nzero -- crashing the kernel during modprobe of amdgpu on an RX 9070 XT.\n\nGuard against this by returning 0 early from\namdgpu_ttm_init_on_chip() when size_in_page is zero. This skips TTM\nresource manager registration for hardware resources that are absent,\nwithout affecting any other GPU type.\n\nDRM_MM_BUG_ON() only asserts if CONFIG_DRM_DEBUG_MM is enabled in\nthe kernel config.  This is apparently rarely enabled as these chips\nhave been in the market for over a year and this issue was only reported\nnow.\n\nOops-Analysis: http://oops.fenrus.org/reports/bugzilla.korg/221376/report.html\n(cherry picked from commit 5719ce5865279cad4fd5f01011fe037168503f2d)","modified":"2026-06-18T03:54:44.065334134Z","published":"2026-06-08T15:41:18.672Z","related":["openSUSE-SU-2026:11014-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46276.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0e21db1a77967bc15df662efdca8ea8a61d124ea"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1f5d33e7b0a9a2a140f46e22fb52eede323c5946"},{"type":"WEB","url":"https://git.kernel.org/stable/c/30c000a49094ec568c9b51b7421f7a4a3f0b0298"},{"type":"WEB","url":"https://git.kernel.org/stable/c/36f9602fb22ede69fcc8b422be0cf8105bf655ad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e26c76891ab99fa173e9c501119fbb5c9f4600f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9bc925759c05feae7dfa9570e77131d54729c8ea"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be0376affcafa0bbb371bb501579a825eae32281"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46276.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46276"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c832c346cdf9022872655be621880e0f66f4135d"},{"fixed":"1f5d33e7b0a9a2a140f46e22fb52eede323c5946"},{"fixed":"9bc925759c05feae7dfa9570e77131d54729c8ea"},{"fixed":"36f9602fb22ede69fcc8b422be0cf8105bf655ad"},{"fixed":"be0376affcafa0bbb371bb501579a825eae32281"},{"fixed":"0e21db1a77967bc15df662efdca8ea8a61d124ea"},{"fixed":"30c000a49094ec568c9b51b7421f7a4a3f0b0298"},{"fixed":"3e26c76891ab99fa173e9c501119fbb5c9f4600f"},{"fixed":"095a8b0ad3c3b5cdc3850d961adb8a8f735220bb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46276.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.10.258"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46276.json"}}],"schema_version":"1.7.5"}