PatchSiren cyber security CVE debrief
CVE-2026-46311 Linux CVE debrief
A vulnerability was found in the Linux kernel's drm/amdgpu/userq component. The issue arises from improper access to stale wptr mapping data. This can occur when the wptr_obj is unmapped during queue creation, and another buffer object (bo) is passed to the same address. The fix involves using drm_exec to take both locks, i.e., vm root bo and wptr_obj bo, to properly access the mapping data.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-14
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-14
Who should care
Users of the Linux kernel, particularly those using the amd gpu driver, should be aware of this vulnerability. An attacker with local access could potentially exploit this issue to gain elevated privileges.
Technical summary
The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
HIGH
Recommended defensive actions
- Apply the kernel patch that fixes the issue.
- Use official distribution mechanisms to update the kernel.
Evidence notes
The CVE record was obtained from the official CVE website. Additional information was obtained from the NVD database.
Official resources
-
CVE-2026-46311 CVE record
CVE.org
-
CVE-2026-46311 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2026-46311 was published on 2026-06-08 and modified on 2026-06-14.