PatchSiren


CVE-2026-45878 Linux CVE debrief

A bounds-checking flaw in the Linux kernel's AMD GPU driver (drm/amdkfd) could allow local attackers to trigger memory corruption or undefined behavior. The vulnerability exists in the debug address watch functionality, where a user-supplied watch_id value, received as an unsigned 32-bit integer, was processed through signed integer operations without proper validation. When a watch_id above INT_MAX (that is, 2,147,483,648 or greater) is provided, it becomes negative during signed conversion, causing invalid bit-shift operations and potential out-of-bounds access to the watch_points array. The fix adds explicit bounds checking against MAX_WATCH_ADDRESSES before using watch_id, and replaces manual bit manipulation with the BIT() macro for safe operations. This affects systems with AMD GPUs using the AMDGPU kernel driver with KFD (Kernel Fusion Driver) debugging features enabled.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running AMD GPU systems with KFD debugging enabled; security teams monitoring kernel driver vulnerabilities; organizations using AMD GPUs for compute workloads with ROCm/KFD stack

Technical summary

The vulnerability resides in drivers/gpu/drm/amd/amdkfd/kfd_debug.c in the kfd_dbg_trap_clear_dev_address_watch() function. The watch_id parameter is received as uint32_t but passed to helper functions using signed int, enabling integer conversion to negative values when watch_id > INT_MAX. This causes undefined behavior in bit-shift operations and potential out-of-bounds array access to pdd->watch_points[]. The fix validates watch_id < MAX_WATCH_ADDRESSES early in both set and clear code paths, and uses BIT(watch_id) for safe bit manipulation. Multiple stable kernel branches received backported fixes.
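
The conversion and the early bounds check described above, modelled in userspace C as an added example (not the kernel source and not the upstream patch). The struct, the function names and the alloc_watch_ids field are hypothetical, and MAX_WATCH_ADDRESSES is assumed to be 4 from the 0-3 range quoted in the evidence notes.

```c
/* Userspace model of the bug class; not kernel code. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_WATCH_ADDRESSES 4  /* assumption: from the 0-3 range in the evidence notes */
#define BIT(n) (1UL << (n))    /* same shape as the kernel's BIT() macro */

struct pdd_model {                      /* hypothetical stand-in for the per-process device data */
    uint32_t alloc_watch_ids;           /* hypothetical bitmask of watch IDs in use */
    uint32_t watch_points[MAX_WATCH_ADDRESSES];
};

/* Value a helper taking a signed int sees for a uint32_t watch_id.
 * Values above INT_MAX wrap to negative on two's-complement targets. */
static int as_signed_helper_arg(uint32_t watch_id)
{
    return (int)watch_id;
}

/* Would the signed value be a valid shift count and array index?
 * Only classifies; the unsafe shift and access are never performed. */
static int unchecked_index_is_safe(uint32_t watch_id)
{
    int idx = as_signed_helper_arg(watch_id);
    return idx >= 0 && idx < MAX_WATCH_ADDRESSES;
}

/* Hardened shape: bounds-check while the value is still unsigned, then use BIT(). */
static int clear_watch_checked(struct pdd_model *pdd, uint32_t watch_id)
{
    if (watch_id >= MAX_WATCH_ADDRESSES)
        return -EINVAL;                 /* rejects 4..UINT32_MAX, including > INT_MAX */
    if (!(pdd->alloc_watch_ids & BIT(watch_id)))
        return -EINVAL;                 /* ID not allocated in this model */
    pdd->alloc_watch_ids &= ~(uint32_t)BIT(watch_id);
    pdd->watch_points[watch_id] = 0;
    return 0;
}

int main(void)
{
    struct pdd_model pdd = { .alloc_watch_ids = (uint32_t)BIT(1) };
    uint32_t ids[] = { 1, 4, 2147483648u, UINT32_MAX };  /* constructed inputs */
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("watch_id=%u signed=%d safe_unchecked=%d checked_rc=%d\n",
               (unsigned)ids[i], as_signed_helper_arg(ids[i]),
               unchecked_index_is_safe(ids[i]), clear_watch_checked(&pdd, ids[i]));
    return 0;
}
```

The check is done on the unsigned value, so every input from 4 through UINT32_MAX is rejected before any signed helper, shift or array index sees it.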

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the drm/amdkfd fix for CVE-2026-45878 when available from your Linux distribution
  • Verify kernel version includes commits addressing this vulnerability in the stable kernel branches
  • Restrict access to KFD debugging interfaces to trusted administrative users only
  • Monitor for unexpected system crashes or GPU driver errors that could indicate exploitation attempts
  • Review system logs for anomalous debug address watch operations from untrusted processes

Evidence notes

The vulnerability description and patch details are sourced from the official CVE record and NVD entry published 2026-05-27. The fix involves multiple stable kernel commits referenced in the source data. The issue was identified through static analysis detecting potential buffer overflow with user-controlled watch_id values in the range 0-3 and 2147483648-u32max.
