CVE-2026-46218
HIGH
Published May 28, 2026
Modified Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible for making sure it can handle arbitrary return values. Also make the idx a uint32_t to prevent overflows causing the condition to fail.
CVSS v3.1 Score
7.1
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS — Exploit Prediction
0.0013
Probability of exploitation
0.03%
Percentile rank
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
References
Other References
https://git.kernel.org/stable/c/0fb5cb556b249b2b64c0f818136c4c3e838ef53f
https://git.kernel.org/stable/c/5da6c6430be0acb25b4242bce0323fc514d4e3cf
https://git.kernel.org/stable/c/66085e206431ef88ce36f53c1f53d570790ccc9e
https://git.kernel.org/stable/c/a853178d23e774adfe3a35073c375b04b3b20f7d
https://git.kernel.org/stable/c/ee26fcf7c5cf131f0b6a732faa27d79ec61b8ec7
https://git.kernel.org/stable/c/fec8b11b55e53ff51a741e56894fe331a516f5c6
Frequently Asked Questions
What is CVE-2026-46218? +
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Add bounds checking to ib_{get,set}_value
The uvd/vce/vcn code accesses the IB at predefined offsets without
checking that the IB is large enough. Check the bounds here. The caller
is responsible for making sure it can handle arbitrary return values.
Also make the idx a uint32_t to prevent overflows causing the condition
to fail. It has a CVSS v3.1 base score of 7.1 (HIGH).
How severe is CVE-2026-46218? +
CVE-2026-46218 has a CVSS v3.1 score of 7.1 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching. The EPSS score is 0.0013, placing it in the 0th percentile for exploitation probability.
How do I check if I'm vulnerable to CVE-2026-46218? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.