{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46218", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.105Z", "datePublished": "2026-05-28T09:40:34.367Z", "dateUpdated": "2026-05-28T09:40:34.367Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-28T09:40:34.367Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add bounds checking to ib_{get,set}_value\n\nThe uvd/vce/vcn code accesses the IB at predefined offsets without\nchecking that the IB is large enough. Check the bounds here. The caller\nis responsible for making sure it can handle arbitrary return values.\n\nAlso make the idx a uint32_t to prevent overflows causing the condition\nto fail."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0fb5cb556b249b2b64c0f818136c4c3e838ef53f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a853178d23e774adfe3a35073c375b04b3b20f7d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fec8b11b55e53ff51a741e56894fe331a516f5c6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "66085e206431ef88ce36f53c1f53d570790ccc9e", "status": "affected", "versionType": "git"}, {"version": "0", "lessThan": "6.6.140", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.12.90", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.18.32", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "7.0.9", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h"], "versions": [{"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.90", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.32", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.9", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.90"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0fb5cb556b249b2b64c0f818136c4c3e838ef53f"}, {"url": "https://git.kernel.org/stable/c/a853178d23e774adfe3a35073c375b04b3b20f7d"}, {"url": "https://git.kernel.org/stable/c/fec8b11b55e53ff51a741e56894fe331a516f5c6"}, {"url": "https://git.kernel.org/stable/c/ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7"}, {"url": "https://git.kernel.org/stable/c/66085e206431ef88ce36f53c1f53d570790ccc9e"}], "title": "drm/amdgpu: Add bounds checking to ib_{get,set}_value", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add bounds checking to ib_{get,set}_value\n\nThe uvd/vce/vcn code accesses the IB at predefined offsets without\nchecking that the IB is large enough. Check the bounds here. The caller\nis responsible for making sure it can handle arbitrary return values.\n\nAlso make the idx a uint32_t to prevent overflows causing the condition\nto fail."}], "id": "CVE-2026-46218", "lastModified": "2026-05-28T10:16:37.423", "metrics": {}, "published": "2026-05-28T10:16:37.423", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0fb5cb556b249b2b64c0f818136c4c3e838ef53f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66085e206431ef88ce36f53c1f53d570790ccc9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a853178d23e774adfe3a35073c375b04b3b20f7d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fec8b11b55e53ff51a741e56894fe331a516f5c6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}