CVE-2026-46218

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Add bounds checking to ib_{get,set}_value

The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values.

Also make the idx a uint32_t to prevent overflows causing the condition to fail.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 5da6c6430be0acb25b4242bce0323fc514d4e3cfaffected
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 0fb5cb556b249b2b64c0f818136c4c3e838ef53faffected
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < a853178d23e774adfe3a35073c375b04b3b20f7daffected
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < fec8b11b55e53ff51a741e56894fe331a516f5c6affected
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7affected
LinuxLinuxd38ceaf99ed015f2a0b9af3499791bd3a3daae21 < 66085e206431ef88ce36f53c1f53d570790ccc9eaffected
LinuxLinux4.2affected
LinuxLinux0 < 4.2unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.90 <= 6.12.*unaffected
LinuxLinux6.18.32 <= 6.18.*unaffected
LinuxLinux7.0.9 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References