CVE-2026-46218
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Add bounds checking to ib_{get,set}_value
The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values.
Also make the idx a uint32_t to prevent overflows causing the condition to fail.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 5da6c6430be0acb25b4242bce0323fc514d4e3cf | affected |
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 0fb5cb556b249b2b64c0f818136c4c3e838ef53f | affected |
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < a853178d23e774adfe3a35073c375b04b3b20f7d | affected |
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < fec8b11b55e53ff51a741e56894fe331a516f5c6 | affected |
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7 | affected |
| Linux | Linux | d38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 66085e206431ef88ce36f53c1f53d570790ccc9e | affected |
| Linux | Linux | 4.2 | affected |
| Linux | Linux | 0 < 4.2 | unaffected |
| Linux | Linux | 6.1.175 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.140 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.90 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.32 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.9 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5da6c6430be0acb25b4242bce0323fc514d4e3cf
- https://git.kernel.org/stable/c/0fb5cb556b249b2b64c0f818136c4c3e838ef53f
- https://git.kernel.org/stable/c/a853178d23e774adfe3a35073c375b04b3b20f7d
- https://git.kernel.org/stable/c/fec8b11b55e53ff51a741e56894fe331a516f5c6
- https://git.kernel.org/stable/c/ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7
- https://git.kernel.org/stable/c/66085e206431ef88ce36f53c1f53d570790ccc9e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.