In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix zero-size GDS range init on RDNA4
RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev->gds.gdssize, adev->gds.gwssize, and adev->gds.oa_size at zero to reflect this.
amdgputtminit() unconditionally calls amdgputtminitonchip() for each of these resources regardless of size. When the size is zero, amdgputtminitonchip() forwards the call to ttmrangemaninit(), which calls drmmminit(mm, 0, 0). drmmminit() immediately fires DRMMMBUGON(start + size <= start) -- trivially true when size is zero -- crashing the kernel during modprobe of amdgpu on an RX 9070 XT.
Guard against this by returning 0 early from amdgputtminitonchip() when sizeinpage is zero. This skips TTM resource manager registration for hardware resources that are absent, without affecting any other GPU type.
DRMMMBUGON() only asserts if CONFIGDRMDEBUGMM is enabled in the kernel config. This is apparently rarely enabled as these chips have been in the market for over a year and this issue was only reported now.
Oops-Analysis: http://oops.fenrus.org/reports/bugzilla.korg/221376/report.html (cherry picked from commit 5719ce5865279cad4fd5f01011fe037168503f2d)
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46276.json"
}