PatchSiren

CVE-2026-46218 Linux CVE debrief

A bounds-checking vulnerability in the Linux kernel's AMDGPU DRM driver affects the indirect buffer (IB) access routines used by UVD, VCE, and VCN video acceleration engines. The `ib_get_value` and `ib_set_value` functions previously accessed IB memory at predefined offsets without verifying that the buffer was sufficiently large, potentially leading to out-of-bounds memory access. The fix adds explicit bounds checking and converts the index parameter to `uint32_t` to prevent integer overflow bypasses.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

  • Organizations running Linux systems with AMD GPUs utilizing hardware video acceleration
  • Kernel maintainers and distribution security teams responsible for stable kernel updates
  • Security teams monitoring for local privilege escalation vectors in graphics subsystems

Technical summary

The AMDGPU driver's indirect buffer accessor functions (`ib_get_value` and `ib_set_value`) are used by the UVD (Unified Video Decoder), VCE (Video Compression Engine), and VCN (Video Core Next) subsystems to manipulate command buffers for GPU video acceleration. The original implementation accessed IB memory at caller-provided offsets without first validating that the offset was within the allocated buffer bounds. Additionally, the index parameter's type could allow integer overflow to bypass any bounds check. The resolution adds explicit length validation before memory access and changes the index type to `uint32_t` to eliminate signedness and overflow concerns. Callers must now handle potential error returns from these functions.
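The following user-space C model is an added example, not the kernel's code or the upstream patch. It shows why a bounds check on a signed index can be bypassed and what a length-validated accessor with a `uint32_t` index looks like. The `ib_model` type, the function names and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of an indirect buffer (hypothetical type). */
struct ib_model {
    uint32_t *ptr;        /* buffer contents, in 32-bit dwords */
    uint32_t  length_dw;  /* number of valid dwords in ptr */
};

/* Upper-bound-only check on a signed index: a negative idx is accepted.
 * Returns 1 if idx would pass; performs no memory access. */
static int naive_signed_check_accepts(int idx, uint32_t length_dw)
{
    return idx < (int)length_dw;
}

/* Hardened read: unsigned index, length validated before the access,
 * error returned to the caller instead of reading out of bounds. */
static int ib_get_value_checked(const struct ib_model *ib, uint32_t idx,
                                uint32_t *out)
{
    if (idx >= ib->length_dw)
        return -EINVAL;
    *out = ib->ptr[idx];
    return 0;
}

/* Hardened write with the same validation. */
static int ib_set_value_checked(struct ib_model *ib, uint32_t idx,
                                uint32_t value)
{
    if (idx >= ib->length_dw)
        return -EINVAL;
    ib->ptr[idx] = value;
    return 0;
}

int main(void)
{
    uint32_t words[4] = { 0x11, 0x22, 0x33, 0x44 };  /* constructed sample */
    struct ib_model ib = { words, 4 };
    uint32_t v = 0;
    printf("naive accepts -1: %d\n", naive_signed_check_accepts(-1, 4));
    printf("get idx 3 -> %d\n", ib_get_value_checked(&ib, 3, &v));
    printf("get idx (uint32_t)-1 -> %d\n", ib_get_value_checked(&ib, (uint32_t)-1, &v));
    printf("set idx 4 -> %d\n", ib_set_value_checked(&ib, 4, 0xBB));
    return 0;
}
```

With an unsigned index, a value that was negative before conversion becomes a very large number and fails the single `idx >= length_dw` comparison, so one check covers both ends of the buffer.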

Defensive priority

Medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available through distribution security channels
  • Monitor NVD for CVSS scoring and CISA KEV listing as analysis progresses
  • Review local systems for AMD GPUs utilizing UVD, VCE, or VCN video acceleration features
  • Validate that video acceleration workloads run with appropriate sandboxing where feasible

Evidence notes

The vulnerability description and resolution are sourced from the official CVE record published by CVE.org and mirrored in NVD. The fix is confirmed through five stable kernel Git commits across multiple kernel versions. No CVSS score has been assigned as of the CVE publication date; NVD status is 'Awaiting Analysis'.
