CVE-2026-46263: Linux AMD Display Driver Out-of-Bounds Array Access
A bounds-checking flaw in the Linux kernel's AMD display driver can allow an unprivileged local user to read or write kernel memory. The vulnerability exists in the stream encoder initialization code, where an array index is not validated before use. When the engine ID parameter exceeds the valid range (0–4), the code accesses memory outside the intended array, potentially exposing sensitive kernel data or enabling privilege escalation.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-125
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-03 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out of bounds. eng_id is used directly as an index into stream_enc_regs[], which has only 5 entries. When eng_id is 5 (ENGINE_ID_DIGF) or negative, this can access memory past the end of the array. Add a bounds check using ARRAY_SIZE() before using eng_id as an index. The unsigned cast also rejects negative values. This avoids out-of-bounds access. Fixes the below smatch error: dcn*_resource.c: stream_encoder_create() may index stream_enc_regs[eng_id] out of bounds (size 5). drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn351/dcn351_resource.c 1246 static struct stream_encoder *dcn35_stream_encoder_create( 1247 enum engine_id eng_id, 1248 struct dc_context *ctx) 1249 { ... 1255 1256 /* Mapping of VPG, AFMT, DME register blocks to DIO block instance */ 1257 if (eng_id <= ENGINE_ID_DIGF) { ENGINE_ID_DIGF is 5. should <= be <? Unrelated but, ugh, why is Smatch saying that "eng_id" can be negative? end_id is type signed long, but there are checks in the caller which prevent it from being negative. 1258 vpg_inst = eng_id; 1259 afmt_inst = eng_id; 1260 } else 1261 return NULL; 1262 ... 1281 1282 dcn35_dio_stream_encoder_construct(enc1, ctx, ctx->dc_bios, 1283 eng_id, vpg, afmt, --> 1284 &stream_enc_regs[eng_id], ^^^^^^^^^^^^^^^^^^^^^^^ This stream_enc_regs[] array has 5 elements so we are one element beyond the end of the array. ... 1287 return &enc1->base; 1288 } v2: use explicit bounds check as suggested by Roman/Dan; avoid unsigned int cast v3: The compiler already knows how to compare the two values, so the cast (int) is not needed. (Roman)
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46263 is an out-of-bounds array access vulnerability in drivers/gpu/drm/amd/display/dc/resource/dcn*/dcn*_resource.c. The stream_encoder_create() function uses an engine ID (eng_id) to directly index the stream_enc_regs[] array, which contains only 5 elements (indices 0–4). The original code checks eng_id <= ENGINE_ID_DIGF (where ENGINE_ID_DIGF = 5), permitting an out-of-bounds access at index 5. The fix adds an explicit bounds check using ARRAY_SIZE() before indexing, rejecting invalid engine IDs. This is a classic CWE-125 (out-of-bounds read) that can also lead to memory corruption depending on the kernel layout and call context.
Business impact
Organizations running vulnerable Linux kernels with AMD GPU drivers face elevated risk of local privilege escalation and information disclosure. A local attacker with user-level access could read kernel memory, leak cryptographic keys, or corrupt kernel state to gain root privileges. This is particularly critical for multi-tenant environments, containerized workloads, and shared GPU resources where untrusted code may execute alongside trusted applications.
Affected systems
The vulnerability affects Linux kernels with AMD display driver support, specifically the DCN (Display Core Next) code paths used in modern AMD GPUs. Systems running kernels before the fix was integrated are vulnerable. Desktop, laptop, and workstation systems with AMD Radeon or Radeon Pro GPUs running vulnerable kernel versions are at risk. Affected kernel versions should be verified against your distribution's security advisories and the kernel.org CVE tracker.
Exploitability
Exploitability is moderate-to-high. The flaw requires local access and user-level privileges (no special capabilities needed initially), with a straightforward trigger—calling the stream encoder creation function with an out-of-range engine ID. However, practical exploitation depends on the attacker's ability to control the parameters passed to the vulnerable code path, which may be limited by GPU driver initialization logic. The attack surface is active during GPU setup and driver load, making it viable on systems where untrusted code can interact with GPU drivers or where GPU passthrough is used in VMs.
Remediation
Update the Linux kernel to a version that includes the bounds-check fix. Most major distributions (Ubuntu, RHEL, Debian, SUSE, Fedora) will backport the fix to their supported kernel branches. Verify the specific patch version for your distribution by consulting their security advisories. For systems unable to patch immediately, disable GPU driver loading for untrusted user accounts or restrict GPU access via access controls if possible. Alternatively, disabling CONFIG_DRM_AMD_DC at compile time removes the vulnerable code entirely but disables AMD display support.
Patch guidance
Patch versions vary by distribution; verify the exact kernel version from your vendor's security advisory. The upstream kernel fix involves adding an explicit ARRAY_SIZE() bounds check before the stream_enc_regs[] indexing statement in dcn*_stream_encoder_create(). Apply security updates as released by your Linux distribution's maintainers. Kernel reboot is required after patching.
Detection guidance
Monitor system logs for GPU driver initialization errors or crashes related to stream encoder creation. Audit access to /dev/dri/* and GPU ioctl calls on systems with AMD GPUs. Use kernel Address Sanitizer (KASAN) or similar debugging tools in test environments to catch out-of-bounds accesses. In production, look for unexpected kernel warnings or panics mentioning dcn*_resource.c or stream_encoder. Container orchestration platforms should ensure host kernels are patched before GPU device passthrough is permitted to containers.
Why prioritize this
This vulnerability merits prompt patching due to its HIGH CVSS 3.1 score (7.8), local attack vector requiring only user privileges, and the high impact on confidentiality, integrity, and availability. It enables privilege escalation and information disclosure without user interaction. Systems with GPU workloads or multi-tenant configurations should prioritize this fix within their patch cycle.
Risk score, explained
CVSS 3.1 score of 7.8 (HIGH) reflects: Attack Vector Local (AV:L), low attack complexity (AC:L), low privilege requirement (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact across confidentiality, integrity, and availability (C:H/I:H/A:H). The local-only attack vector prevents remote exploitation, but the low privilege bar and direct path to kernel memory access elevate the score significantly.
Frequently asked questions
Does this affect all Linux systems?
No. Only systems with AMD GPU drivers (specifically the DCN display driver) and a vulnerable kernel version are affected. Systems without AMD GPUs, or running patched kernels, are not vulnerable. Check your GPU type and kernel version to determine if you are affected.
Can this be exploited remotely?
No. The attack requires local access and user-level privileges on the target system. Remote attackers cannot exploit this vulnerability directly; however, if untrusted code can execute locally (e.g., via a compromised container or shared multi-user system), the vulnerability becomes a local privilege escalation vector.
What is the difference between a bounds check and an unsigned cast?
A bounds check explicitly compares the index value against the array size before access, rejecting invalid indices. An unsigned cast converts a signed value to unsigned, which can help reject negative indices in some cases but does not protect against values that exceed the array size. The upstream fix uses an explicit bounds check via ARRAY_SIZE() for clarity and correctness.
Do I need to reboot my system after patching the kernel?
Yes. Kernel security patches require a reboot to take effect. Plan a maintenance window and reboot after applying the kernel update from your Linux distribution.
This analysis is provided for informational and educational purposes. The vulnerability details, CVSS score, and patch guidance are based on the CVE record and upstream kernel fix. Patch availability and specific versions vary by Linux distribution; consult your vendor's security advisory for exact update instructions. Exploitation difficulty and real-world impact may vary depending on kernel configuration, GPU driver version, and system architecture. This document does not constitute legal, security, or professional advice. Organizations should conduct their own risk assessment and testing before deploying patches in production environments. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10889HIGHCritical ANGLE Sandbox Escape in Google Chrome – Patch to 149.0.7827.53
- CVE-2026-10927HIGHChrome Sandbox Escape via Dawn Out-of-Bounds Read
- CVE-2026-10941HIGHSkia Out-of-Bounds Memory Vulnerability in Chrome – Urgent Patch Required
- CVE-2026-11015HIGHCritical Chrome WebGPU Out-of-Bounds Read Vulnerability
- CVE-2026-46130HIGHLinux Kernel dm-verity-fec Out-of-Bounds Read – Vulnerability Details
- CVE-2026-46133HIGHLinux RDMA/rxe Kernel Panic via Invalid Opcode DoS
- CVE-2026-46138HIGHLinux Bluetooth Kernel Out-of-Bounds Read and DoS Vulnerability
- CVE-2026-46140HIGHLinux Kernel Bluetooth btmtk Driver Memory Disclosure