Skip to main content

Linux Kernel CVE-2026-46217

| EUVDEUVD-2026-32844 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-4cx5-6rwv-f35m
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 19:29 vuln.today
CVSS changed
Jun 10, 2026 - 19:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/vcn4: Avoid overflow on msg bound check

As pointed out by SDL, the previous condition may be vulnerable to overflow.

(cherry picked from commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885)

AnalysisAI

Integer overflow in the AMDGPU VCN4 (Video Core Next 4) multimedia driver within the Linux kernel allows a local low-privileged user to cause a kernel denial of service. The bounds check on incoming messages to the VCN4 encoder/decoder engine contains an overflow-vulnerable condition, meaning a crafted message can bypass intended size validation. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at the 5th percentile, indicating very low real-world exploitation likelihood currently.

Technical ContextAI

The vulnerability resides in the drm/amdgpu/vcn4 subsystem of the Linux kernel's Direct Rendering Manager (DRM) stack - specifically the message bounds-checking logic used by AMD's Video Core Next 4 (VCN4) hardware video codec engine. The affected component validates message buffer sizes before passing them to VCN4 hardware, but a comparison or arithmetic condition in that check is susceptible to integer overflow, meaning the guard can be defeated when specially crafted input values wrap around the integer type's maximum value. The CPE entry (cpe:2.3:o:linux:linux_kernel:7.1:rc1) confirms the issue was introduced or present in Linux 7.1-rc1. CWE-674 (Uncontrolled Recursion) is assigned by NVD, but the description and 'Buffer Overflow' tag strongly suggest an integer overflow (CWE-190) or improper bounds check (CWE-193) is the true root cause - this CWE assignment appears inconsistent with the technical description and should be treated with caution.

RemediationAI

The primary fix is to upgrade to Linux kernel 7.1-rc2 or later, which contains commit 3c5367d950140d4ec7af830b2268a5a6fdaa3885 that corrects the overflow condition in the VCN4 message bounds check. For stable kernel users, the fix has been backported to multiple stable branches - apply the relevant stable commit for your tree from git.kernel.org (see commits 271cd5429513, 30d12ee310a6, 5bb5faff4837, 65bce27ea619, 73043d296787, and f7bf02dcb7c7). If patching immediately is not possible, a compensating control is to restrict local user access to the DRM/AMDGPU device node (typically /dev/dri/renderD*) via group membership or udev rules, preventing unprivileged processes from submitting messages to VCN4. This mitigation trades off accessibility of GPU video encoding/decoding for non-privileged applications. Systems without AMD VCN4-generation GPUs are not affected and require no action.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46217 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy