AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-46309: In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cach

infovulnerability

security

Source: NVD/CVE DatabaseJune 8, 2026CVE-2026-46309

Summary

A vulnerability in the Linux kernel's graphics driver (drm/xe) allowed a GPU with coh_none coherency mode (a setting that lets the GPU bypass CPU caches) to read sensitive data from CPU cache when applied to CPU cached memory. An attacker could potentially access stale data from previously freed memory pages belonging to other processes. The fix adds validation to reject this dangerous combination in the madvise function.

Solution / Mitigation

Add validation in xe_vm_madvise_ioctl() to reject PAT indices (page attribute table settings) with XE_COH_NONE coherency mode when applied to CPU cached memory, aligning with existing validation in the vm_bind path.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

June 8, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46309

First tracked: June 9, 2026 at 08:09 AM

Classified by LLM (prompt v3) · confidence: 95%