PatchSiren

CVE-2026-46211 Linux CVE debrief

A vulnerability in the Linux kernel's DRM/MSM GEM subsystem allows `msm_ioctl_gem_info_get_metadata()` to unconditionally return success (0) even when errors occur. The function fails to propagate error codes from `copy_to_user()` failures or undersized user buffers, misleading userspace into believing the ioctl succeeded. Additionally, a missing NULL check on `kmemdup()` return values permits NULL pointer dereference when memory allocation fails. The fix adds proper NULL validation and returns the actual error code `ret` rather than hardcoded 0.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux kernel maintainers, mobile/embedded device vendors using Qualcomm Adreno GPUs, DRM subsystem developers, security teams tracking kernel graphics driver vulnerabilities

Technical summary

The `msm_ioctl_gem_info_get_metadata()` function in `drivers/gpu/drm/msm/msm_gem.c` contains two defects: (1) an unconditional `return 0` at function exit ignores the `ret` variable populated by the `copy_to_user()` error checks, so userspace is told the ioctl succeeded when the copy fails or the buffer is too small; (2) the unchecked `kmemdup()` return value permits a NULL pointer dereference in the subsequent `copy_to_user()` call when kernel memory is exhausted. The patch adds an `if (!metadata)` NULL check after `kmemdup()` and changes the final return from `return 0` to `return ret`.
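
The two defects and the fix described above, modelled in userspace as an added example (not the kernel's code and not part of the original advisory). `model_kmemdup`, `model_copy_to_user`, `get_metadata`, the failure switches and the errno values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model: all names and errno choices here are hypothetical. */
static int fail_alloc, fail_copy, null_src_seen; /* switches + oops flag */

static void *model_kmemdup(const void *src, size_t len)
{
    void *p = fail_alloc ? NULL : malloc(len);
    return p ? memcpy(p, src, len) : NULL;
}

/* Like copy_to_user(): returns the number of bytes NOT copied. */
static size_t model_copy_to_user(void *dst, const void *src, size_t len)
{
    if (!src)
        null_src_seen = 1; /* record it instead of dereferencing NULL */
    if (!src || fail_copy)
        return len;
    memcpy(dst, src, len);
    return 0;
}

/* fixed == 0: the pre-patch pattern; fixed == 1: the patched pattern. */
static int get_metadata(int fixed, const void *md, size_t md_len,
                        void *ubuf, size_t ubuf_len)
{
    int ret = 0;
    void *metadata = model_kmemdup(md, md_len);
    if (fixed && !metadata)
        return -ENOMEM; /* the added NULL check */
    if (ubuf_len < md_len)
        ret = -EINVAL;  /* undersized user buffer (errno is assumed) */
    else if (model_copy_to_user(ubuf, metadata, md_len))
        ret = -EFAULT;  /* copy to the caller failed */
    free(metadata);
    return fixed ? ret : 0; /* pre-patch: hardcoded 0 discards ret */
}

int main(void)
{
    char out[4];
    fail_copy = 1; /* constructed failure: the copy faults */
    printf("pre-patch=%d patched=%d\n", get_metadata(0, "abcd", 4, out, 4),
           get_metadata(1, "abcd", 4, out, 4));
    return 0;
}
```

A caller of the pre-patch pattern sees 0 in every failure case, which is why the recommended review of application-level handling should not treat a success return alone as proof that the buffer was filled.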

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable tree commits when available for your distribution
  • Monitor vendor security advisories for kernel updates addressing CVE-2026-46211
  • Validate DRM/MSM driver error handling in custom kernel builds
  • Review application-level handling of GEM metadata ioctls for unexpected success responses

Evidence notes

The vulnerability description is sourced from the official CVE record published 2026-05-28. The fix is confirmed by kernel.org stable tree commits. The SET counterpart function correctly returns `ret`, highlighting the GET function's omission.

Official resources

2026-05-28