CVE-2026-46204: Linux Kernel AMD GPU Out-of-Bounds Read – VCN4 Parser Vulnerability
A bounds-checking vulnerability exists in the Linux kernel's AMD GPU video codec (VCN4) instruction buffer parser. When the kernel processes instruction buffers from user space, it can read beyond allocated memory if malicious or malformed data is provided. A local attacker with basic user privileges can trigger out-of-bounds reads, potentially exposing sensitive kernel memory or causing a denial of service. The fix involves rewriting the parser to use proper bounds-checking functions.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.1 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Weaknesses (CWE)
- CWE-125
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing IB Rewrite the IB parsing to use amdgpu_ib_get_value() which handles the bounds checks.
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46204 is an out-of-bounds read vulnerability in the amdgpu/vcn4 subsystem of the Linux kernel. The instruction buffer (IB) parser lacks sufficient bounds validation when processing user-supplied data structures. An attacker can craft a malicious IB that causes the parser to read memory outside its intended boundaries. The vulnerability is resolved by replacing the vulnerable parsing logic with calls to amdgpu_ib_get_value(), a helper function that enforces bounds checking on all memory accesses. This is classified as CWE-125 (Out-of-bounds Read).
Business impact
Systems running affected Linux kernels with AMD GPU support are vulnerable to local privilege escalation and information disclosure. An unprivileged user can read sensitive kernel memory, potentially recovering cryptographic material, authentication tokens, or other secrets. Attackers can also trigger kernel panics, causing service disruptions on affected hosts. For organizations operating AMD GPU-based compute clusters, container orchestration platforms, or workstations, this vulnerability can be weaponized to break isolation between tenants or users.
Affected systems
The Linux kernel with amdgpu/vcn4 driver support is affected. This includes systems with AMD RDNA or RDNA2-class GPUs running vulnerable kernel versions. The vulnerability requires local code execution; remote exploitation is not possible. Container environments, multi-tenant systems, and HPC clusters with GPU acceleration are at particular risk.
Exploitability
Exploitability is moderate to high for systems where untrusted users have local access. The vulnerability requires local user privileges (not root), and no user interaction is required—an attacker simply needs to send a crafted instruction buffer to the GPU driver. The attack surface is limited to systems where the amdgpu driver is loaded and accessible from unprivileged user space. No public exploit code has been designated for KEV inclusion as of this advisory.
Remediation
Apply a Linux kernel update that includes the fix for CVE-2026-46204. Verify against your vendor's advisory or the upstream Linux kernel commit for the exact patched version applicable to your distribution and kernel series. In parallel, enforce principle of least privilege by restricting GPU driver access to trusted users only, and consider disabling GPU features if they are not required.
Patch guidance
Obtain updates from your Linux distribution's security channel (RHEL, Ubuntu, Debian, SUSE, etc.) or directly from kernel.org if running an unmodified upstream kernel. Verify the fix is included by checking the kernel version and confirming the presence of the amdgpu_ib_get_value() bounds-checking calls in the vcn4 parser. Test patches in a non-production environment first, as GPU driver updates may affect workload performance or stability in edge cases.
Detection guidance
Monitor kernel logs for GPU driver errors, segmentation faults, or out-of-bounds access warnings originating from the amdgpu/vcn4 subsystem. Implement runtime integrity monitoring on systems where untrusted code execution is possible. Audit access to GPU device files (/dev/dri/*) to identify unexpected user attempts to interact with the GPU. Use kernel module introspection to confirm that the unpatched vcn4 parser is not in use.
Why prioritize this
This vulnerability merits immediate attention because it combines local privilege escalation, information disclosure, and denial-of-service potential in a commonly accessible driver subsystem. The CVSS 3.1 score of 7.1 (HIGH) reflects the high impact on confidentiality and availability. While exploitation requires local access, the barrier to entry is low for users on affected systems. Multi-tenant environments and systems permitting untrusted user code should prioritize patching.
Risk score, explained
The CVSS 3.1 vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) yields a score of 7.1 (HIGH). The attack vector is local (AV:L), attack complexity is low (AC:L), and only low privileges are required (PR:L). There is no user interaction needed (UI:N) and the scope is unchanged (S:U). The vulnerability has high impact on confidentiality (C:H)—kernel memory disclosure—and high impact on availability (A:H)—potential kernel panic. Integrity is not impacted (I:N) because the vulnerability is read-only.
Frequently asked questions
Can this vulnerability be exploited remotely?
No. The vulnerability requires local code execution on the affected system. An attacker must have user-level access to interact with the GPU driver's instruction buffer parser.
Do I need to patch if I don't have AMD GPUs?
No. This vulnerability is specific to the amdgpu/vcn4 driver subsystem. If your systems do not have AMD RDNA or RDNA2 GPUs, or if the amdgpu driver is not loaded, you are not affected.
What information can an attacker extract?
An out-of-bounds read allows an attacker to access adjacent kernel memory, which may contain sensitive data such as cryptographic keys, authentication tokens, or pointer addresses. The exact content depends on the kernel's memory layout at the time of exploitation.
Is there a workaround if I cannot patch immediately?
Restrict GPU device file access (/dev/dri/*) to trusted users only using filesystem permissions or security modules. Disable GPU features if they are not required. However, patching is the definitive remediation.
This analysis is based on the CVE record and public disclosure. Actual exploitability and impact may vary depending on kernel version, GPU hardware configuration, and system-specific settings. Organizations should verify patch applicability through vendor advisories and test in non-production environments before deployment. SEC.co does not provide exploit code or weaponized proof-of-concept demonstrations. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10889HIGHCritical ANGLE Sandbox Escape in Google Chrome – Patch to 149.0.7827.53
- CVE-2026-10927HIGHChrome Sandbox Escape via Dawn Out-of-Bounds Read
- CVE-2026-10941HIGHSkia Out-of-Bounds Memory Vulnerability in Chrome – Urgent Patch Required
- CVE-2026-11015HIGHCritical Chrome WebGPU Out-of-Bounds Read Vulnerability
- CVE-2026-46130HIGHLinux Kernel dm-verity-fec Out-of-Bounds Read – Vulnerability Details
- CVE-2026-46133HIGHLinux RDMA/rxe Kernel Panic via Invalid Opcode DoS
- CVE-2026-46138HIGHLinux Bluetooth Kernel Out-of-Bounds Read and DoS Vulnerability
- CVE-2026-46140HIGHLinux Kernel Bluetooth btmtk Driver Memory Disclosure