CVE-2026-46218: drm/amdgpu: Add bounds checking to ib_{get,set}_value
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values. Also make the idx a uint32_t to prevent overflows causing the condition to fail.
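The fix described above is a bounds check in the IB accessors plus an unsigned index type. The following C program is an added illustration written for this page, not the kernel's own code: `struct ib`, `ib_get_value_unchecked`, `ib_get_value`, `ib_set_value`, the two `*_check_accepts` helpers and the sample dwords are all constructed here to model the pre-fix and post-fix accessor shapes. It shows the unchecked accessor, the checked accessor that returns 0 for an out-of-range read (the "arbitrary return value" the caller must tolerate) and drops an out-of-range write, and why a signed `int` index defeats a plain upper-bound comparison while `uint32_t` does not.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an indirect buffer (IB): a dword array plus its
 * length in dwords. This is an assumption of the example, not the
 * kernel's struct amdgpu_ib. */
struct ib {
    uint32_t *ptr;       /* IB contents, one 32-bit dword per entry */
    uint32_t  length_dw; /* number of valid dwords behind ptr */
};

/* Pre-fix shape: no bounds check, any idx goes straight to memory.
 * Only ever called in-bounds in this example. */
static uint32_t ib_get_value_unchecked(const struct ib *ib, int idx)
{
    return ib->ptr[idx];
}

/* Post-fix shape: reject out-of-range reads and return 0. Because idx is
 * uint32_t, a negative value handed in by a caller is converted to a large
 * unsigned number and fails the same comparison instead of slipping past. */
static uint32_t ib_get_value(const struct ib *ib, uint32_t idx)
{
    if (idx >= ib->length_dw)
        return 0;
    return ib->ptr[idx];
}

/* Out-of-range writes are dropped; the return code lets a caller notice. */
static int ib_set_value(struct ib *ib, uint32_t idx, uint32_t value)
{
    if (idx >= ib->length_dw)
        return -1;
    ib->ptr[idx] = value;
    return 0;
}

/* Why the index type matters: both helpers perform the same
 * "idx < length" test; only the type of idx differs. */
static int signed_check_accepts(int idx, int length_dw)
{
    return idx < length_dw;     /* -1 < 4 is true: a negative index passes */
}

static int unsigned_check_accepts(uint32_t idx, uint32_t length_dw)
{
    return idx < length_dw;     /* (uint32_t)-1 is 0xffffffff: rejected */
}

/* Constructed sample IB: four dwords of made-up command data. */
static uint32_t sample_dwords[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };
static struct ib sample_ib = { sample_dwords, 4 };

int main(void)
{
    /* The codec paths probe predefined offsets; the last two lie outside
     * the sample IB and now yield 0 instead of reading past the buffer. */
    uint32_t offsets[] = { 0, 3, 4, 16 };
    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++)
        printf("offset %u -> 0x%08x\n", offsets[i], ib_get_value(&sample_ib, offsets[i]));

    printf("in-bounds unchecked read: 0x%08x\n", ib_get_value_unchecked(&sample_ib, 1));
    printf("write at offset 16 rejected: %d\n", ib_set_value(&sample_ib, 16, 0xdeadbeef));
    printf("signed check accepts -1: %d, unsigned check accepts -1: %d\n",
           signed_check_accepts(-1, 4), unsigned_check_accepts((uint32_t)-1, 4));
    return 0;
}
```

The defensive point for callers is the second half of the commit message: once the accessor can return 0 for any offset the IB does not contain, code that parses command streams at fixed offsets has to treat that value as untrusted input rather than as proof the offset was present.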
HarborGuard Analysis
Synopsis
This is an out-of-bounds read and write vulnerability in the Linux kernel's amdgpu DRM driver. A local attacker with a low-privilege account can trigger it without any network access or victim interaction, by submitting crafted GPU command buffers that cause the uvd/vce/vcn codec paths to access the Indirect Buffer (IB) at offsets beyond its allocated size. Successful exploitation reads sensitive kernel memory and can crash the affected system. A patched-image rebuild at the fix versions (6.6.140, 6.12.90, and 6.18.32) is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream Linux kernel security feeds within minutes of publication and matched against all customer images, including custom-built images that carry affected kernel versions. Any image whose kernel package version falls within the affected range is flagged automatically in both registry scans and CI/CD pipeline checks.
HarborGuard scores this CVE at CVSS 7.1 HIGH (vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) and weights it against each customer environment's compliance policy to determine urgency. Triage results are routed to the appropriate team inbox within the customer org based on image ownership and policy configuration.
A patched-image rebuild at fix versions 6.6.140, 6.12.90, and 6.18.32 is available on HarborGuard for any environment running an affected kernel version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network exposure is involved (AV:L).
- Authentication: Required
Any low-privilege local account is sufficient to trigger the vulnerable code path; no admin rights are needed (PR:L).
- Victim interaction: Not required
No user interaction is required; the attacker submits crafted GPU command buffers directly without involving another user (UI:N).
- Attack complexity: Low
The exploit is reliable and condition-free; no race conditions or special memory layout are required to trigger the out-of-bounds access (AC:L).
Blast Radius
- A successful attacker reads kernel memory contents that the process should not have access to, potentially exposing sensitive data held in kernel space such as pointers, credentials, or other processes' state (C:H).
- The vulnerability does not directly enable writes to arbitrary kernel memory through the IB bounds escape path alone, so data integrity impact is not indicated (I:N).
- The out-of-bounds access can corrupt kernel state or trigger a kernel panic, crashing the system and taking down all workloads running on the affected host (A:H).
- Containers sharing the host kernel are affected equally; a compromised container with GPU access could destabilize the node for all co-resident workloads.
How HarborGuard Handles This
Available on HarborGuard: detection covers every image that packages a Linux kernel in the affected range, matched within minutes of the CVE being published. For environments running kernel versions below 6.6.140, 6.12.90, or 6.18.32, a rebuilt image at the appropriate fix version is available. Where compliance policy permits, customers with auto-remediation enabled receive an automated rebuild, a regression-test run, and a PR opened against affected workloads, with a median turnaround of around 90 minutes for high-severity findings. For environments where an immediate kernel upgrade is not feasible, compensating controls include restricting access to the amdgpu device node to trusted processes only (via cgroup device rules or seccomp profiles), and limiting which container workloads can open DRM render nodes until the patched kernel is deployed.
Metrics
- CVSS v3.1: 7.1
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
- Linux / Linux: < 0fb5cb556b249b2b64c0f818136c4c3e838ef53f (from d38ceaf99ed015f2a0b9af3499791bd3a3daae21) · < a853178d23e774adfe3a35073c375b04b3b20f7d (from d38ceaf99ed015f2a0b9af3499791bd3a3daae21) · < fec8b11b55e53ff51a741e56894fe331a516f5c6 (from d38ceaf99ed015f2a0b9af3499791bd3a3daae21) · < ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7 (from d38ceaf99ed015f2a0b9af3499791bd3a3daae21) · < 66085e206431ef88ce36f53c1f53d570790ccc9e (from d38ceaf99ed015f2a0b9af3499791bd3a3daae21)
- Linux / Linux 4.2: Fixed in 0, 6.6.140, 6.12.90, 6.18.32, 7.0.9, 7.1-rc1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H