CVE-2026-46230 Overview
CVE-2026-46230 is an out-of-bounds read vulnerability in the Linux kernel's AMD GPU (amdgpu) driver, specifically in the Video Core Next 3 (VCN3) decoder message parsing path. The flaw resides in the logic that processes decoder messages stored in a buffer object (BO). Without proper bounds checking against the end of the BO, the kernel can read memory beyond the allocated message region. The upstream fix adds bounds validation whenever the message is accessed during decode message parsing.
Critical Impact
A local user with access to the AMD GPU device interface can trigger out-of-bounds reads in kernel memory, potentially leading to information disclosure or kernel instability on affected Linux systems.
Affected Products
- Linux kernel drm/amdgpu driver — VCN3 decoder message parsing path
- Linux distributions shipping kernels prior to the stable commits referenced below
- Systems with AMD GPUs using VCN3 video decode hardware
Discovery Timeline
- 2026-05-28 - CVE-2026-46230 published to NVD
- 2026-05-28 - Last updated in NVD database
Technical Details for CVE-2026-46230
Vulnerability Analysis
The vulnerability exists in the AMD GPU VCN3 (Video Core Next, third generation) decoder code path within the Direct Rendering Manager (DRM) subsystem. When userspace submits a decode command, the kernel parses a decoder message structure stored inside a GPU buffer object (BO). The parsing routine accesses fields within this message without consistently verifying that each access remains within the bounds of the BO.
Because the message size is not validated against the end of the BO before each field access, a crafted or truncated message can cause the parser to read past the end of the allocated buffer. This out-of-bounds read [CWE-125] occurs in kernel context and may expose adjacent kernel memory contents to the parser's control flow or cause invalid memory dereferences.
The upstream fix introduces bounds checks against the end of the BO at every point where the message is accessed, ensuring the parser never reads outside the allocated region.
Root Cause
The root cause is missing length validation in the VCN3 decode message handler. The parser assumed message fields were present at expected offsets without confirming that those offsets fell within the BO's mapped size. Any decode submission with a message smaller than expected, or with offsets pointing past the BO end, triggers the out-of-bounds read.
Attack Vector
Exploitation requires local access to the AMD GPU device, typically through /dev/dri/renderD* or /dev/dri/card* nodes accessible to users in the video or render group. An attacker submits a crafted video decode command containing a malformed decoder message inside a buffer object. The kernel parser then reads past the BO boundary while interpreting the message fields.
The vulnerability manifests during decoder message parsing. See the referenced stable kernel commits for the exact code paths and bounds-checking patches.
Detection Methods for CVE-2026-46230
Indicators of Compromise
- Kernel log entries referencing amdgpu VCN3 decode errors, page faults, or KASAN out-of-bounds read reports near the VCN decode message handling functions
- Unexpected GPU resets or hangs correlated with userspace processes performing video decode via VA-API or VDPAU
- Repeated decode submissions from non-multimedia processes accessing /dev/dri/renderD* nodes
Detection Strategies
- Enable Kernel Address Sanitizer (KASAN) in test environments to surface out-of-bounds reads in the amdgpu VCN3 code paths
- Audit dmesg for amdgpu warnings, GPU resets, or DRM scheduler timeouts following decode submissions
- Inventory running kernels against the patched stable commits referenced in this advisory to identify unpatched hosts
Monitoring Recommendations
- Track access patterns to /dev/dri/renderD* and /dev/dri/card* device nodes, especially from processes outside expected multimedia workflows
- Monitor for repeated GPU driver crashes or amdgpu ring timeouts in system logs
- Centralize kernel logs from Linux endpoints and workstations with AMD GPUs to correlate driver anomalies across the fleet
How to Mitigate CVE-2026-46230
Immediate Actions Required
- Update affected Linux systems to a kernel version that includes the upstream fix from one of the referenced stable branches
- Restrict membership in the video and render groups to trusted users and service accounts only
- Where video decode acceleration is not required, consider disabling the amdgpu VCN decoder or blocking access to DRM render nodes for untrusted users
Patch Information
The fix is available in the following Linux kernel stable commits:
- Kernel Stable Commit 638d3e0
- Kernel Stable Commit 638e48ee
- Kernel Stable Commit 870c8738
- Kernel Stable Commit b1930198
- Kernel Stable Commit e382e0b8
Apply the kernel update provided by your Linux distribution once the patched version is published, and reboot affected systems to load the fixed kernel.
Workarounds
- Limit access to DRM render nodes by tightening file permissions and group membership on /dev/dri/renderD*
- Disable hardware-accelerated video decode for untrusted workloads where feasible, forcing software decoding instead
- On multi-tenant systems, isolate untrusted users from direct GPU access using sandboxing or container restrictions on device passthrough
# Verify current kernel version and AMD GPU driver status
uname -r
lsmod | grep amdgpu
# Restrict render node access to the render group only
ls -l /dev/dri/renderD*
sudo chmod 0660 /dev/dri/renderD128
sudo chown root:render /dev/dri/renderD128
# After distribution patch is available, update and reboot
sudo apt update && sudo apt upgrade linux-image-generic # Debian/Ubuntu
sudo dnf update kernel # Fedora/RHEL
sudo reboot
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
