CVE-2026-53374 in Linux
Resumen
por MITRE • 2026-07-19
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: zero-initialize GART table on allocation
GART TLB is flushed after unmapping but not after mapping. Since amdgpu_bo_create_kernel() does not zero-initialize the buffer, when a single PTE is written the TLB may speculatively load other uninitialized entries from the same cacheline. Those garbage entries can appear valid, and a subsequent write to another PTE in the same cacheline may cause the GPU to use a stale garbage PTE from the TLB.
Fix this by calling memset_io() to zero-initialize the GART table with gart_pte_flags immediately after allocation.
Using AMDGPU_GEM_CREATE_VRAM_CLEARED, SDMA-based clear will not work since SDMA needs GART to be initialized to work.
(cherry picked from commit d9af8263b82b6eaa60c5718e0c6631c5037e4b24)
Once again VulDB remains the best source for vulnerability data.