CVE-2026-46199: Linux Kernel AMD VCN4 Out-of-Bounds Read – Patch Guide
A flaw in the Linux kernel's AMD GPU video codec (VCN4) driver allows a local attacker to read memory beyond the intended boundaries of a buffer when processing decode messages. An authenticated user with local access can exploit this to access sensitive kernel memory, potentially exposing confidential data or triggering a system crash. The vulnerability requires local access and valid user privileges, limiting its reach but making it a concern for multi-user systems and containerized environments.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.1 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Weaknesses (CWE)
- CWE-125
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg.
6 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46199 is an out-of-bounds (OOB) read vulnerability in the drm/amdgpu/vcn4 subsystem of the Linux kernel. The flaw exists in the decode message parsing logic, where boundary checks against the buffer object (BO) end address are insufficiently enforced. An attacker with local privileges can craft or influence a malicious decode message that causes the parser to read memory beyond the allocated BO, violating CWE-125 (Out-of-bounds Read). The vulnerability affects the AMDGPU display and rendering subsystem commonly found in consumer and server platforms using AMD Radeon and EPYC processors.
Business impact
Organizations operating Linux systems with AMD GPUs—particularly data centers, cloud providers, and workstation environments—face risk of information disclosure and denial of service. An attacker with local shell access or a compromised container can leak kernel memory (defeating KASLR and exposing credentials or sensitive data) or crash the GPU subsystem, degrading performance or availability. Multi-tenant systems and cloud platforms are especially vulnerable, as a guest VM or container tenant could target the host or sibling tenants. The impact severity is heightened in environments where GPU resource sharing and privilege isolation are assumed.
Affected systems
The vulnerability affects Linux kernels with the AMD VCN4 video codec driver enabled, present in systems with compatible AMD GPUs (Radeon and EPYC lines). Any Linux distribution shipping an affected kernel version prior to the security fix is at risk. The flaw does not affect systems without AMD GPUs or those with the driver disabled. Verify your kernel version and GPU hardware against the vendor's advisory and your distribution's advisory to confirm exposure.
Exploitability
Exploitation requires local access with user-level privileges (no root needed initially) to trigger the OOB read. An attacker must be able to submit or influence decode messages to the VCN4 parser, which may be possible through GPU compute APIs, video decode libraries, or container escape vectors. The attack vector is local (AV:L) and the complexity is low (AC:L), meaning standard local privilege escalation or a compromised application in the user's session suffices. There is no known public exploit code; however, the straightforward nature of an OOB read makes weaponization feasible once the fix is public.
Remediation
Apply the Linux kernel security update that adds proper bounds checking to the VCN4 decode message parser. Most distributions will release patched kernel versions through their standard repositories. Affected users should upgrade their kernel and reboot. Interim mitigations include disabling the AMDGPU driver if the GPU is not needed, or restricting local access to untrusted users and containers. Ensure your kernel source matches the vendor advisory for exact patch version numbers.
Patch guidance
Monitor your Linux distribution (Ubuntu, Red Hat, Debian, etc.) for kernel security advisories referencing CVE-2026-46199 or drm/amdgpu/vcn4. Once available, install the patched kernel via your package manager (e.g., apt update && apt install linux-image-generic for Ubuntu). Reboot the system to apply the fix. Verify the new kernel version and confirm the VCN4 driver is loaded without warnings using dmesg or journalctl. For cloud and container environments, update base OS images and orchestration cluster node images promptly.
Detection guidance
Look for system log entries indicating VCN4 driver errors, out-of-bounds memory access warnings, or GPU subsystem crashes coinciding with video decode operations or GPU compute workloads. Monitor kernel audit logs (auditd) for unusual system calls or GPU-related activity from non-standard processes. Intrusion detection systems (IDS) can flag attempts to load or manipulate GPU memory through unusual library calls or kernel module interactions. In container environments, watch for escape attempts or lateral movement following GPU access anomalies.
Why prioritize this
This vulnerability warrants rapid patching due to its HIGH CVSS score (7.1), combination of information disclosure and denial of service impact, and the broad deployment of Linux in data centers and cloud. Although it requires local privileges, modern attack chains often chain local flaws with remote entry points. Multi-tenant environments are at particular risk. Prioritize systems running GPU-heavy workloads, data centers, and cloud instances. Single-user systems without GPU sharing or GPU-less systems can deprioritize but should not neglect patching indefinitely.
Risk score, explained
The CVSS 3.1 score of 7.1 (HIGH) reflects: local attack vector (AV:L) limiting exposure to authenticated users; low complexity (AC:L) enabling straightforward exploitation; user privilege requirement (PR:L) excluding unauthenticated attacks; high confidentiality impact (C:H) from memory disclosure; and high availability impact (A:H) from crash potential. Integrity is not affected (I:N), so data corruption is not a direct threat. The scope is unchanged (S:U), meaning the impact is confined to the affected system.
Frequently asked questions
Does this affect my system if I don't have an AMD GPU?
No. CVE-2026-46199 is specific to the AMD VCN4 video codec driver. Systems without AMD discrete or integrated GPUs (e.g., those with Intel or NVIDIA GPUs, or CPU-only servers) are not affected. Check your hardware configuration to confirm.
Can this vulnerability be exploited remotely?
No. The attack vector is strictly local (AV:L), meaning the attacker must have a login session or local code execution on the target system. Remote exploitation is not possible unless combined with a separate remote code execution vulnerability.
What should I do if I cannot update my kernel immediately?
If an immediate kernel update is not feasible, consider disabling the AMDGPU driver if GPU functionality is not required, or restrict local access to trusted users only. For cloud and container environments, implement strict access controls and monitor for suspicious GPU activity. Schedule the kernel update within your maintenance window as soon as practical.
How can I verify that my kernel includes the fix?
After patching, check your kernel version using uname -r and consult your distribution's security advisory or release notes for the specific kernel version that includes the fix. You can also search the Linux kernel Git repository for commits referencing CVE-2026-46199 to confirm the patch is present in your kernel source.
This analysis is provided for informational purposes and should not be treated as legal or professional security advice. SEC.co does not warrant the completeness or accuracy of the analysis and assumes no liability for actions taken based on this content. Organizations should conduct their own risk assessments and testing before deploying patches. Patch availability and version numbers vary by Linux distribution; consult your vendor's official security advisory for definitive information. This vulnerability was not on the CISA KEV list as of the last update. Always verify all claims against authoritative sources, including the Linux kernel project, your distribution maintainer, and the NIST CVE database. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10889HIGHCritical ANGLE Sandbox Escape in Google Chrome – Patch to 149.0.7827.53
- CVE-2026-10927HIGHChrome Sandbox Escape via Dawn Out-of-Bounds Read
- CVE-2026-10941HIGHSkia Out-of-Bounds Memory Vulnerability in Chrome – Urgent Patch Required
- CVE-2026-11015HIGHCritical Chrome WebGPU Out-of-Bounds Read Vulnerability
- CVE-2026-46130HIGHLinux Kernel dm-verity-fec Out-of-Bounds Read – Vulnerability Details
- CVE-2026-46133HIGHLinux RDMA/rxe Kernel Panic via Invalid Opcode DoS
- CVE-2026-46138HIGHLinux Bluetooth Kernel Out-of-Bounds Read and DoS Vulnerability
- CVE-2026-46140HIGHLinux Kernel Bluetooth btmtk Driver Memory Disclosure