CVE-2026-46218: AMD GPU Bounds Checking Vulnerability in Linux Kernel
A vulnerability exists in the Linux kernel's AMD GPU driver where video codec processing code (used for UVD, VCE, and VCN hardware) accesses memory buffers without verifying those buffers are large enough. An attacker with local access could exploit this to read sensitive kernel memory or cause a system crash. The fix adds proper bounds checking before these memory accesses and corrects an integer type to prevent overflow conditions that could bypass the checks.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.1 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Weaknesses (CWE)
- —
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values. Also make the idx a uint32_t to prevent overflows causing the condition to fail.
6 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46218 addresses missing bounds validation in the amdgpu DRM driver's instruction buffer (IB) handling for video codec engines. The uvd/vce/vcn code paths call ib_get_value() and ib_set_value() functions that access predetermined offsets within instruction buffers without verifying the IB length is sufficient. This can lead to out-of-bounds memory reads or writes. The patch introduces bounds checking before these accesses and changes the idx parameter from a signed to unsigned 32-bit integer to eliminate potential overflow conditions that could allow malicious code to bypass the new checks.
Business impact
Systems running vulnerable Linux kernels with AMD GPU support are at risk of local privilege escalation and denial of service. A local unprivileged user could read privileged kernel memory (information disclosure) or crash the system. Environments with shared compute resources (HPC clusters, cloud instances with GPU pass-through, or workstations with untrusted user access) face the highest risk. Data centers running AMD-based GPU infrastructure should treat this as a stability and confidentiality concern.
Affected systems
The Linux kernel is affected. The vulnerability is specific to systems with AMD GPU hardware where the amdgpu driver is loaded and the video codec engines (UVD, VCE, or VCN) are accessible to local users. This includes AMD Radeon GPUs and EPYC systems with GPU acceleration. Verify your kernel version and GPU driver configuration against the vendor advisory to confirm exposure.
Exploitability
Exploitability is moderate to high for at-risk systems. The attack vector is local, requiring an attacker to already have user-level access to the system. No user interaction is required once access is obtained. The attack surface is the video codec instruction buffer processing, which may be triggered through graphics APIs or compute frameworks that utilize GPU video acceleration. However, exploitation requires specific knowledge of buffer layout and careful crafting of input to trigger the out-of-bounds access reliably.
Remediation
Apply the Linux kernel patch that adds bounds checking to the ib_get_value() and ib_set_value() functions in the amdgpu driver. Verify the patched kernel version against your distribution's security advisory. Additionally, restrict local system access to trusted users only, as this vulnerability requires local authentication. Systems that do not use AMD GPU hardware or have GPU access disabled are not affected.
Patch guidance
Monitor your Linux distribution's security announcements for a patched kernel version incorporating this fix. The patch has been integrated into the Linux kernel upstream. Apply kernel updates from your distribution as soon as they become available and test in non-production environments first. Depending on your distribution and kernel series, the patch may arrive through regular updates or as a targeted security release. Verify the kernel changelog mentions bounds checking additions to the amdgpu video codec functions before deploying.
Detection guidance
Monitor system logs for GPU driver errors, segmentation faults, or kernel panics related to amdgpu, uvd, vce, or vcn subsystems, particularly if they correlate with graphics or compute workload activity. Inspect running kernel version via 'uname -r' and cross-reference against your vendor's list of patched versions. Network-based detection is not possible as this is a local privilege escalation vector. Endpoint detection tools that monitor system calls to GPU driver interfaces may detect exploit attempts in advanced environments. Review GPU access permissions and which users can invoke GPU compute resources.
Why prioritize this
This vulnerability merits prompt attention because it enables local privilege escalation and information disclosure on GPU-equipped systems. The CVSS 3.1 score of 7.1 (HIGH) reflects high confidentiality and availability impact accessible to local users. While the barrier to exploitation is higher than remote attacks, the combination of memory disclosure and crash capabilities on shared systems presents meaningful risk. Systems in multi-tenant or HPC environments should prioritize patching. Standard endpoints and servers without AMD GPU support can be deprioritized.
Risk score, explained
The CVSS 3.1 score of 7.1 is derived from local attack vector (AV:L), low attack complexity (AC:L), low privilege requirements (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and high availability impact (A:H). This reflects that a local, low-privileged user can reliably trigger the vulnerability to read kernel memory or crash the system, but remote exploitation is not possible and integrity is not directly compromised.
Frequently asked questions
Do I need to patch if I don't have AMD GPUs installed?
No. This vulnerability is specific to systems running the amdgpu DRM driver with AMD GPU hardware. If your systems use NVIDIA, Intel, or no discrete GPU support, they are not affected by this CVE. Verify your hardware and loaded kernel modules to confirm.
Can this vulnerability be exploited remotely?
No. This is a local privilege escalation vulnerability. An attacker must already have local user-level access to the system to exploit it. Remote exploitation is not possible.
What is the difference between information disclosure and a crash in this context?
The vulnerability allows out-of-bounds memory access. An attacker could read (disclose) sensitive kernel memory to steal data, or craft malicious input that causes an out-of-bounds write leading to a kernel panic. Both outcomes are possible depending on how the attacker uses the vulnerability.
Does this affect GPU containers or virtualization?
If your hypervisor or container runtime provides GPU pass-through to untrusted workloads, yes—users within those workloads could exploit this vulnerability on the host kernel if it is unpatched. GPU sharing via virtualization requires careful isolation; apply kernel patches before exposing GPU resources to tenants.
This analysis is provided for informational purposes and based on the CVE description and CVSS metrics as published. Verification of affected versions, patch availability, and deployment readiness should be conducted against official vendor advisories and your organization's systems inventory. SEC.co makes no warranty regarding the accuracy or completeness of this assessment. Always test patches in a non-production environment before enterprise deployment. Organizations should maintain current vulnerability management processes and consult with their security teams and vendors for definitive remediation guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Affected vendors
Related vulnerabilities
- CVE-2026-10001HIGHChrome Sandbox Escape via PerformanceManager Use-After-Free
- CVE-2026-10002HIGHGoogle Chrome PDFium Use-After-Free Vulnerability (CVSS 8.8)
- CVE-2026-10003HIGHChrome Use-After-Free Code Execution Vulnerability Analysis
- CVE-2026-10006HIGHChrome WebAudio Race Condition Remote Code Execution
- CVE-2026-10007HIGHChrome Use-After-Free in SVG Arbitrary Code Execution (CVSS 8.8)
- CVE-2026-10009HIGHChrome Skia Integer Overflow Sandbox Escape – Patch Guidance
- CVE-2026-10012HIGHChrome Skia Use-After-Free Sandbox Escape (v148.0.7778.216)
- CVE-2026-10013HIGHUse-After-Free in Chrome WebCodecs – Patch Guide & Risk Assessment