Skip to main content

Linux Kernel EUVDEUVD-2026-32857

| CVE-2026-46230 HIGH
Out-of-bounds Read (CWE-125)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-gf2x-fj7m-8p77
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 12:09 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.1 (HIGH)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 10:16 nvd
HIGH 7.1

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg

Check bounds against the end of the BO whenever we access the msg.

AnalysisAI

Out-of-bounds read in the Linux kernel's AMD GPU VCN3 (Video Core Next, generation 3) decoder message parser allows a local low-privileged user to read kernel memory beyond the buffer object boundary and potentially trigger denial of service. The flaw was resolved by adding bounds checks against the end of the buffer object whenever the dec msg is accessed. EPSS is very low (0.02%, 6th percentile) and no public exploit has been identified at time of analysis.

Technical ContextAI

The vulnerability resides in the AMDGPU Direct Rendering Manager (DRM) driver, specifically in the VCN3 (Video Core Next, version 3) block that handles hardware-accelerated video decode on AMD GPUs. When the kernel parses a decoder message (dec msg) supplied via a userspace-submitted buffer object (BO), it accessed fields without sufficiently validating that those reads stayed within the BO's mapped extent, enabling out-of-bounds reads past the allocation. The upstream fix (commits 638d3e0b, 638e48ee, 870c8738, b193019860, e382e0b8) introduces explicit bounds checks against the end of the BO on each msg access. CWE is not assigned by NVD but the defect class is CWE-125 (Out-of-bounds Read).

RemediationAI

Vendor-released patch: upgrade to Linux kernel 6.6.140, 6.12.90, 6.18.32, 7.0.9, or 7.1-rc1 (whichever matches your stable branch), with upstream commits available at https://git.kernel.org/stable/c/638d3e0b9eb77aa53fdd60e2b928761d16ba76fa and the four sibling backports listed in the NVD references. Enterprise users should track their distribution's kernel security update channel and apply the next regression-tested kernel package. If immediate patching is not feasible on multi-tenant or untrusted-user systems, compensating controls include restricting access to /dev/dri/renderD* and /dev/dri/card* nodes via the 'video' and 'render' group memberships (trade-off: breaks GPU-accelerated decode/encode for non-privileged users and any application using VA-API on AMD), disabling hardware video decode in user-space media stacks (trade-off: increased CPU load and reduced battery life), or blacklisting the amdgpu module on hosts that do not need GPU functionality (trade-off: no graphics acceleration at all).

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-32857 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy