Linux Kernel: Amdgpu IB bounds check vulnerability - CVE-2026-46218
CVE-2026-46218 Published on May 28, 2026
drm/amdgpu: Add bounds checking to ib_{get,set}_value
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Add bounds checking to ib_{get,set}_value
The uvd/vce/vcn code accesses the IB at predefined offsets without
checking that the IB is large enough. Check the bounds here. The caller
is responsible for making sure it can handle arbitrary return values.
Also make the idx a uint32_t to prevent overflows causing the condition
to fail.
Products Associated with CVE-2026-46218
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and below 0fb5cb556b249b2b64c0f818136c4c3e838ef53f is affected.
- Version d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and below a853178d23e774adfe3a35073c375b04b3b20f7d is affected.
- Version d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and below fec8b11b55e53ff51a741e56894fe331a516f5c6 is affected.
- Version d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and below ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7 is affected.
- Version d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and below 66085e206431ef88ce36f53c1f53d570790ccc9e is affected.
- Version 4.2 is affected.
- Before 4.2 is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.90, <= 6.12.* is unaffected.
- Version 6.18.32, <= 6.18.* is unaffected.
- Version 7.0.9, <= 7.0.* is unaffected.
- Version 7.1-rc1, <= * is unaffected.