HIGH · CVE-2026-46199 · CNA: Linux

CVE-2026-46199: drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg

Check bounds against the end of the BO whenever we access the msg.

HarborGuard Analysis

Synopsis

An out-of-bounds read vulnerability exists in the Linux kernel's amdgpu DRM driver, specifically in the VCN4 video decode message parser. A local attacker with a low-privilege account can trigger the flaw without any network access or user interaction, causing the kernel to read memory beyond an allocated buffer object. Successful exploitation leaks sensitive kernel memory contents and can crash the affected system. A patched-image rebuild is available on HarborGuard for environments running an affected kernel version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-46199 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle an affected Linux kernel version.

Triage (Available)

Triage is available using the CVSS v3.1 score of 7.1 (HIGH), weighted against each customer environment's compliance policy to prioritize the finding and route it to the appropriate team inbox within the customer org.

Patch (Available)

A patched-image rebuild at the fix versions (6.6.140, 6.12.90, or the corresponding upstream commits) is available on HarborGuard for environments running an affected kernel. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the target is required.

  • Authentication: Required

    Any low-privilege local account is sufficient to trigger the vulnerable code path in the amdgpu VCN4 decode message parser.

  • Victim interaction: Not required

    No user interaction is needed; the attacker can trigger the out-of-bounds read entirely through their own actions.

  • Attack complexity

    The exploit is reliable and condition-free; no race conditions or specific memory layout requirements are needed to trigger the read.

Blast Radius

  • Reads kernel memory beyond the bounds of the allocated buffer object, potentially exposing sensitive kernel data such as heap contents, pointers, or credentials resident in adjacent memory.
  • Triggers a kernel crash (denial of service) on the affected host, taking down all processes and workloads running on that node.

How HarborGuard Handles This

Available on HarborGuard: detection and rebuild for CVE-2026-46199 are ready for affected environments. Where compliance policy permits auto-remediation, HarborGuard can rebuild the affected image at fix version 6.6.140 or 6.12.90, run a regression test suite against the rebuilt image, and open a pull request targeting affected workloads. The median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, the finding is surfaced in the triage queue with CVSS scoring and policy weighting applied so the responsible team can act directly. Because exploitation requires local shell access, compensating controls such as restricting access to the amdgpu device node (for example via cgroup device allowlists or seccomp profiles) can reduce exposure in environments where an immediate kernel rebuild is not feasible.

Metrics

  • CVSS v3.1: 7.1
  • Severity: HIGH
  • Fixed in: 0
  • Affected Products: 2

Fix available

Affected packages
  • Linux / Linux
    < c72a8b4dc6d598e3831ef3abd9c6527dfbf4810e (from 87cc7f9ebf7ce10f82250002d667ef3e93a79d44) · < 7688143ca62edeecacb3ba0a2cea129dbd262a18 (from 87cc7f9ebf7ce10f82250002d667ef3e93a79d44) · < 63b51e8a9d54317d31cc3856c1e12407070d5fc2 (from 87cc7f9ebf7ce10f82250002d667ef3e93a79d44) · < 3c817a60b09eaab926e475088e750936efcc95ae (from 87cc7f9ebf7ce10f82250002d667ef3e93a79d44) · < 0a78f2bac1424deb7c9d5e09c6b8e849d8e8b648 (from 87cc7f9ebf7ce10f82250002d667ef3e93a79d44)
  • Linux / Linux
    5.13
    Fixed in 0, 6.6.140, 6.12.90, 6.18.32, 7.0.9, 7.1-rc1
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
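
The version data under "Affected packages" can be turned into a quick host triage check. This is an added example, not HarborGuard's or the kernel project's code: the function names and sample release strings are made up for illustration, and it assumes that a stable series with no fix version listed on this page is still affected.

```python
import re

# Values taken from this page's "Affected packages" list.
INTRODUCED = (5, 13, 0)                                  # first affected version
FIXED_STABLE = {(6, 6): 140, (6, 12): 90, (6, 18): 32, (7, 0): 9}
FIXED_MAINLINE = (7, 1)                                  # fixed from 7.1-rc1 onward


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if the upstream version falls inside the range listed on this page."""
    major, minor, patch = parse_release(release)
    if (major, minor, patch) < INTRODUCED:
        return False                      # predates the affected code
    if (major, minor) >= FIXED_MAINLINE:
        return False                      # 7.1-rc1 and later carry the fix
    fixed_patch = FIXED_STABLE.get((major, minor))
    if fixed_patch is None:
        # Assumption: no fix version is listed for this series, so every
        # release in it is reported as affected.
        return True
    return patch < fixed_patch


def triage(releases):
    """Map each release string to its affected/not-affected verdict."""
    return {r: is_affected(r) for r in releases}


# Constructed sample input (not taken from any real inventory).
SAMPLE_RELEASES = ["5.12.19", "6.1.100", "6.6.139-generic", "6.6.140",
                   "6.12.90-1-amd64", "6.18.31", "7.0.9", "7.1.0-rc1"]

if __name__ == "__main__":
    for rel, hit in triage(SAMPLE_RELEASES).items():
        print(f"{rel:20} {'AFFECTED' if hit else 'ok'}")
```

The check looks only at the version string: a distribution kernel may carry the fix as a backport under an older number, and a host that never loads the amdgpu driver does not expose the parser at all.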