CVE-2026-46174 Linux CVE debrief

Who should care

Organizations running Linux on AMD Zen 2 based infrastructure, including cloud providers with AMD EPYC Rome (Zen 2) deployments, enterprises with AMD Ryzen 3000/4000 series workstations, and managed service providers hosting customer workloads on Zen 2 hardware. Kernel maintainers and distribution vendors should prioritize backporting. Security teams should track for CVSS assignment and assess exposure based on AMD Zen 2 hardware inventory.

Technical summary

The vulnerability exists in the Linux kernel's x86 CPU handling code for AMD Zen 2 processors. The operation cache (op cache) is a microarchitectural structure that caches decoded micro-operations. Improper isolation of shared resources in this cache could allow instruction corruption, potentially affecting execution integrity. The fix ensures proper resource isolation mechanisms are enforced for the op cache on affected AMD Zen 2 systems. Multiple stable kernel branches have received patches as indicated by the eight distinct git.kernel.org stable commits referenced in NVD data.

Defensive priority

high

Recommended defensive actions

• Apply kernel updates from distribution vendor when available, prioritizing systems with AMD Zen 2 processors
• Monitor stable kernel branches for backported fixes (multiple stable branches affected per NVD references)
• Review system logs for unexplained instruction execution anomalies on affected hardware
• Coordinate with hardware teams to identify AMD Zen 2 deployments in infrastructure
• Validate microcode update status on AMD Zen 2 systems as complementary hardening

Evidence notes

CVE published 2026-05-28. Multiple stable kernel commits provided by NVD reference git.kernel.org stable branches. Vendor attribution to AMD via 'x86/CPU/AMD' prefix in CVE description and commit subjects. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). No KEV listing.

Official resources