PatchSiren cyber security CVE debrief
CVE-2026-46309 Linux CVE debrief
A vulnerability has been resolved in the drm/xe/uapi component of the Linux kernel. It arises when madvise is used to apply a coh_none PAT index to CPU cached memory. With coh_none, the GPU can bypass CPU caches and read stale sensitive data directly from DRAM, potentially leaking data from previously freed pages of other processes.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Users of the Linux kernel, particularly those using the drm/xe/uapi component, should be aware of this vulnerability.
Technical summary
The vulnerability is caused by missing validation in xe_vm_madvise_ioctl(): PAT indices with the XE_COH_NONE coherency mode were not checked when applied to CPU cached memory. As a result, sensitive data can be leaked.
Defensive priority
high
Recommended defensive actions
- Apply the patch from the Linux kernel repository to fix the vulnerability.
- Use the official CVE record from CVE.org for more information: [cve-org]
- Check the NVD detail page for more information: [nvd]
Evidence notes
The vulnerability has been resolved in the Linux kernel repository.
Official resources
- CVE-2026-46309 CVE record: CVE.org
- CVE-2026-46309 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2026-46309 was published on 2026-06-08T17:16:49.820Z.