PatchSiren cyber security CVE debrief
CVE-2026-46314 Linux CVE debrief
CVE-2026-46314 is a vulnerability in the Linux kernel's drm/v3d component. A local user can trigger an infinite loop by providing a specially crafted multisync extension with zero in_sync_count and out_sync_count, bypassing the existing duplicate-extension guard. The vulnerability has been resolved by rejecting empty multisync extensions.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Linux kernel users and administrators
Technical summary
The vulnerability exists in the v3d_get_extensions() function, which walks a userspace-provided singly-linked list of ioctl extensions without bounds. A local user can craft a self-referential extension with zero in_sync_count and out_sync_count, causing an infinite loop.
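The following user-space model is an added example, not the kernel's code or the upstream patch. It shows why a duplicate guard that keys off nonzero counts never fires for an empty self-referential extension, and why rejecting empty extensions ends the walk. All struct, function and constant names other than `in_sync_count` and `out_sync_count` are hypothetical, the guard's exact form is an assumption, and `STEP_CAP` exists only so the model can report a spin instead of hanging.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of an extension chain; layout is an assumption. */
struct ext { struct ext *next; unsigned in_sync_count, out_sync_count; };
struct sync_state { unsigned in_sync_count, out_sync_count; };

#define STEP_CAP 1000   /* model only: stands in for "never returns" */
#define E_SPIN   (-1000) /* model only: walk exceeded STEP_CAP */

static int handle_multisync(struct sync_state *se, const struct ext *e, int reject_empty)
{
    /* Duplicate guard (assumed form): fires only if an earlier
     * extension already left a nonzero count in the job state. */
    if (se->in_sync_count || se->out_sync_count)
        return -EINVAL;
    /* Fix described on the page: reject an empty multisync extension. */
    if (reject_empty && !e->in_sync_count && !e->out_sync_count)
        return -EINVAL;
    se->in_sync_count = e->in_sync_count;
    se->out_sync_count = e->out_sync_count;
    return 0;
}

/* Walk the chain with no length bound, as the summary describes. */
int walk_extensions(const struct ext *head, int reject_empty)
{
    struct sync_state se = {0, 0};
    unsigned steps = 0;
    for (const struct ext *e = head; e; e = e->next) {
        if (++steps > STEP_CAP)
            return E_SPIN;
        int ret = handle_multisync(&se, e, reject_empty);
        if (ret)
            return ret;
    }
    return 0;
}

/* Constructed input: one node whose next pointer refers to itself. */
int demo(unsigned in_count, int reject_empty)
{
    struct ext e = { NULL, in_count, 0 };
    e.next = &e;
    return walk_extensions(&e, reject_empty);
}

int main(void)
{
    printf("empty, no fix: %d\nempty, fixed: %d\nnonzero, no fix: %d\n",
           demo(0, 0), demo(0, 1), demo(1, 0));
    return 0;
}
```

A self-referential node with a nonzero count is already stopped on its second visit by the duplicate guard, which is why only the zero-count case needed the additional check.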
Defensive priority
high
Recommended defensive actions
- Apply the patches provided by the Linux kernel maintainers [ref-4], [ref-5], [ref-6]
Evidence notes
The vulnerability was discovered and resolved by the Linux kernel maintainers.
Official resources
- CVE-2026-46314 CVE record (CVE.org)
- CVE-2026-46314 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
public