PatchSiren

CVE-2026-46204 Linux CVE debrief

A vulnerability in the Linux kernel's AMDGPU driver for VCN4 (Video Core Next 4) hardware could allow out-of-bounds (OOB) memory reads during command buffer parsing. The issue stems from insufficient bounds checking when parsing Indirect Buffers (IBs) in the VCN4 video decode/encode engine driver. The fix rewrites the IB parsing logic to use `amdgpu_ib_get_value()`, a helper function that performs proper bounds validation before accessing buffer data. This vulnerability affects systems with AMD GPUs featuring VCN4 hardware acceleration for video processing. Successful exploitation could lead to information disclosure from kernel memory or potentially cause system instability. The vulnerability was resolved by replacing direct buffer access with the bounds-checked helper function across affected code paths.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

  • Organizations running Linux workstations or servers with AMD Radeon GPUs utilizing VCN4 video acceleration
  • Cloud providers offering GPU instances with AMD hardware
  • Media processing pipelines dependent on AMD hardware video encode/decode
  • Security teams monitoring kernel driver vulnerabilities affecting graphics subsystems

Technical summary

The vulnerability exists in the Direct Rendering Manager (DRM) AMDGPU driver's VCN4 (Video Core Next 4) component, specifically in the Indirect Buffer (IB) parsing code. VCN4 is AMD's hardware video decode/encode engine found in modern Radeon GPUs. The original code accessed IB data directly without verifying buffer bounds, enabling out-of-bounds reads when processing malformed or truncated command buffers. The resolution replaces the unsafe direct access with `amdgpu_ib_get_value()`, a kernel helper that validates offsets against buffer limits before dereferencing. The five referenced stable commits indicate backports to multiple supported kernel branches, suggesting the fix applies across several kernel versions. This is a local vulnerability that requires the ability to submit GPU command buffers, typically through DRM device access.
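The bug class described above, as an added user-space illustration that is not the kernel's code or the upstream fix: `struct ib`, `ib_get_checked()`, `find_record()` and the `[size_dw, type, payload]` record layout are assumptions made for this example. It shows how routing every read through a bounds-checked accessor turns a truncated buffer into a parse error instead of an out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for an indirect buffer: dwords plus a length. */
struct ib { const uint32_t *ptr; size_t length_dw; };

/* Constructed sample: two records laid out as [size_dw, type, payload]. */
static const uint32_t sample[] = { 3, 1, 0xAA, 3, 2, 0xBB };

/* Bounds-checked read (hypothetical model; not the kernel helper itself). */
static int ib_get_checked(const struct ib *ib, size_t idx, uint32_t *out)
{
    if (idx >= ib->length_dw)
        return -1;              /* refuse instead of reading past the end */
    *out = ib->ptr[idx];
    return 0;
}

/* Return 0 and payload word 0 of the first record of type `want`,
 * 1 if no such record exists, -1 if the buffer is malformed or truncated. */
static int find_record(const struct ib *ib, uint32_t want, uint32_t *value)
{
    size_t pos = 0;

    while (pos < ib->length_dw) {
        uint32_t size, type;

        if (ib_get_checked(ib, pos, &size) || ib_get_checked(ib, pos + 1, &type))
            return -1;          /* header itself is cut off */
        if (size < 3 || size > ib->length_dw - pos)
            return -1;          /* record too short or claims more dwords than remain */
        if (type == want)       /* an unchecked parser reads ptr[pos + 2] blindly */
            return ib_get_checked(ib, pos + 2, value);
        pos += size;
    }
    return 1;
}

int main(void)
{
    uint32_t v = 0;
    struct ib full = { sample, 6 }, cut = { sample, 5 };

    printf("full: %d\n", find_record(&full, 2, &v));      /* record found */
    printf("truncated: %d\n", find_record(&cut, 2, &v));  /* rejected */
    return 0;
}
```

The `size < 3` check also guarantees forward progress, so a zero-length record cannot stall the parser.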

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available through distribution channels
  • Prioritize patching systems with AMD GPUs utilizing VCN4 video acceleration for decode/encode workloads
  • Monitor vendor security advisories for kernel package updates addressing this vulnerability
  • Review system logs for unusual AMDGPU driver errors that may indicate exploitation attempts
  • Consider disabling VCN4 hardware acceleration if patching is delayed and video acceleration is not business-critical

Evidence notes

The CVE description confirms an OOB read vulnerability in drm/amdgpu/vcn4 IB parsing. The fix uses `amdgpu_ib_get_value()` for bounds checking. Multiple stable kernel commits are provided, indicating backports to supported branches.
