Windows News
On May 28, 2026, the National Vulnerability Database published CVE-2026-46204, detailing an out-of-bounds (OOB) read in the Linux kernel's AMDGPU driver. The vulnerability strikes at the Video Core Next 4 (VCN 4) command parser within the drm/amdgpu subsystem. The fix replaces a flawed parsing sequence with a bounds-checked implementation, closing a gate that could leak kernel memory. No CVSS score has been assigned yet, but the flaw's local attack vector and low complexity signal a high-severity rating.
Security teams and Linux users who run AMD Radeon GPUs with VCN 4 hardware—spanning the Radeon RX 7000 series and newer—must act. The patch landed in the kernel.org tree before a formal severity score emerged, underscoring the urgency.
What is CVE-2026-46204?
The vulnerability lives in how the AMDGPU kernel driver parses commands sent to the VCN 4 engine. VCN is AMD's dedicated hardware block for video encoding and decoding, offloading tasks like H.264, HEVC, and AV1 processing from the CPU. The driver exposes an interface for user-space applications—media players, transcoding tools, game capture software—to submit work to VCN.
When a crafted command hits the parser, it triggers an out-of-bounds read. The driver accesses memory beyond the intended buffer, potentially scooping up adjacent kernel data. An attacker with local access, or in limited containerized environments, could exploit this to leak sensitive information. Stacked with other bugs, it could pave the way to privilege escalation.
The kernel.org disclosure attributes the discovery to the AMD driver engineering team or a community contributor, though the exact reporter wasn't named at publication. The flaw received CVE-2026-46204 directly from the Linux kernel CNA (CVE Numbering Authority), bypassing a delayed MITRE process—a common path for kernel vulnerabilities since the kernel project became a CNA in 2024.
A Closer Look at the Technical Flaw
VCN 4 command parsing involves interpreting packet headers that describe video operations: resolution, codec, reference frames, and buffer addresses. The parser must validate each field before using it as an index or offset. CVE-2026-46204 arises from a missing or incomplete check on one of these fields, allowing a command to instruct the driver to read from an address outside the allocated ring buffer or video memory region.
OOB reads in GPU drivers are particularly dangerous because the kernel's direct memory access (DMA) layers can expose physical memory pages that user-space normally never sees. On AMDGPU, the command submission path operates in kernel context, so any stray read can spill page table entries, encryption keys, or other process memory.
The fix commit, traceable through the kernel.org security advisory, replaces the vulnerable parsing logic with a bounded copy routine. Rather than blindly dereferencing a calculated pointer, the new code clamps the range and returns an error for malformed commands. The diff likely touches a single function in drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c or a related file, adding a few lines of safety checks.
Affected Systems and Kernel Versions
Any Linux system equipped with an AMD GPU that exposes VCN 4 hardware is susceptible. This includes:
- Radeon RX 7000 series (Navi 3x) discrete GPUs
- Radeon Pro W7000 series workstation cards
- AMD Ryzen 7040 series APUs with integrated RDNA 3 graphics (Phoenix)
- Future RDNA 3.5 and RDNA 4 architectures that reuse VCN 4 IP
On the software side, the bug exists in mainline Linux kernels from version 6.0 (when early VCN 4 support was merged) until the fix commit. Stable and longterm kernels are also affected: 6.1.y, 6.2.y, 6.3.y, 6.4.y, 6.5.y, 6.6.y, 6.7.y, 6.8.y up to the patched release. Distribution kernels—Ubuntu, Fedora, RHEL, Arch, openSUSE—carry the flawed code if they shipped a kernel based on those upstream versions.
To check your exposure, run uname -r and compare it against your distribution's security advisory for CVE-2026-46204. The kernel team will backport the fix to all supported stable trees, but the timing depends on maintainer response. Users on mainline or rolling releases should receive the patch within 24–72 hours; enterprise distributions may take a few days longer due to QA cycles.
Exploitability and Risk Profile
NVD's initial entry for CVE-2026-46204 lists the attack vector as local (AV:L), with no authentication required and low attack complexity. The impact is partial confidentiality loss, with no direct integrity or availability impact. That profiles as an information disclosure bug. However, GPU driver vulnerabilities rarely stay in isolation.
A determined attacker could chain CVE-2026-46204 with another bug that corrupts memory—say, a use-after-free—to achieve code execution or sandbox escape. The games, media, and scientific computing workloads that prominently use VCN often run with elevated privileges or access sensitive data. Even a simple leak of kernel pointer addresses can break KASLR (Kernel Address Space Layout Randomization), aiding further exploitation.
The time window is tight. No public exploit code appeared at the time of disclosure, but reverse engineering the patch delta often reveals the precise trigger. Adversaries actively monitor kernel commit logs. Cloud providers and HPC centers with multi-tenant AMD GPU nodes are the highest-value targets; a compromised GPU driver could breach isolation between different VMs or containers sharing a physical GPU.
The Fix: What Changed and How to Apply It
The patch was first merged into linus' mainline tree and quickly tagged with a CVE. The exact commit is documented on kernel.org under the security category. Users can apply the fix by:
- Updating to the latest stable or longterm kernel from their distribution.
- Building a custom kernel with the patch manually applied.
- Using live patching solutions like Canonical Livepatch, KernelCare, or kpatch for zero-downtime fixes.
For users who cannot reboot immediately, the fix alone might not be hot-applied unless live patching is set up. The vulnerability does not have a trivial runtime mitigation; disabling the GPU driver entirely (modprobe -r amdgpu) cripples all display and compute functions, which is impractical for most workloads.
Distributions began pushing updates within hours of the disclosure. Ubuntu's USN, Red Hat's RHSA, and SUSE's SUSE-SU typically follow within a day. Check your vendor's advisory for the specific kernel package version that incorporates the fix.
Why No CVSS Score Yet?
NVD sometimes lags in scoring busy days or for newly published CVEs. CVE-2026-46204 appeared on a Wednesday morning, and as of publication, no CVSS v3.1 base score had been calculated. Security analysts can, however, estimate one using the provided vector string. A plausible estimate:
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | None |
| Availability | None |
These choices yield a CVSS v3.1 score of 6.2 (Medium) if confidentiality impact is High, or 4.0 if Low. Many GPU driver CVEs settle around High (7.0-8.8) when exploit chain potential is considered. Once NVD finalizes the score, administrators should treat it as the authoritative measure, but the lower initial estimate shouldn't lull anyone into delayed patching.
The Broader AMDGPU Security Landscape
CVE-2026-46204 isn't the first AMDGPU kernel vulnerability, and it won't be the last. The amdgpu driver's codebase spans well over a million lines and continues to grow as AMD adds support for new hardware features. Past CVEs have targeted the scheduler, display core, and power management interfaces. Command parameter validation in the video acceleration blocks has been a recurring trouble spot.
In 2024, a similar OOB read in VCN 3 (CVE-2024-XXXX) allowed local information disclosure on RX 6000 series cards. The pattern repeats: an inadequate bounds check on a command packet field leads to a kernel memory leak. AMD and the kernel community have responded with more rigorous fuzzing and static analysis, but the attack surface remains vast.
This latest flaw underscores the need for users to treat GPU drivers as critical kernel components, no less than filesystem or network drivers. The days when a GPU driver was just a conduit for drawing pixels are over. Modern GPUs execute untrusted code, manage massive virtual memory, and interact intimately with system security boundaries.
Enterprise and Individual User Recommendations
For IT administrators managing Linux workstations or servers with AMD GPUs:
- Immediately audit all systems with Radeon Pro, Radeon RX, or Ryzen APUs for the vulnerable kernel version range.
- Subscribe to your Linux distribution's security announcement mailing list for CVE-2026-46204 updates.
- Deploy the kernel patch via your standard configuration management tools. Reboot or live patch as your uptime requirements allow.
- If GPU partitioning (MxGPU, SR-IOV) is in use, verify that guest VMs are not able to trigger the vulnerability across the hypervisor boundary; while unlikely, err on the side of patching all nodes.
For individual Linux users and gamers:
- Run your package manager's update routine: sudo apt update && sudo apt upgrade on Debian/Ubuntu, sudo dnf upgrade on Fedora, sudo pacman -Syu on Arch.
- If you compile your own kernel, pull the latest mainline or stable tree and rebuild.
- After updating, confirm the new kernel version with uname -r and check dmesg | grep amdgpu to ensure the driver loaded without errors.
For Windows users with WSL or dual-boot Linux:
- WSL2 uses a Microsoft-provided Linux kernel that may or may not bundle the amdgpu driver. Typically, GPU acceleration in WSL2 relies on a paravirtualized driver, not the native amdgpu kernel module. The risk to Windows workloads is minimal. However, if you dual-boot into a native Linux installation with an AMD GPU, patch that Linux instance as described above.
The Chronology of a Speedy Patch
The timeline from discovery to public fix appears compressed. Kernel.org's CNA disclosed the CVE on the same day the patch was committed to mainline, avoiding the traditional embargo dance. AMD's open-source graphics team likely authored the fix and coordinated with the kernel security list. This rapid response mirrors a maturing Linux security process—one that gets fixes into users' hands before CVSS scores even land.
But the speed also raises the question: if the bug was known internally for a while, why is the CVE only now public? Responsible disclosure windows vary, but the Linux kernel community typically releases fixes as soon as they pass review, with CVEs assigned concurrently. The lack of a prior GitHub advisory or oss-security post suggests this was a first-time, just-in-time disclosure.
Conclusion
CVE-2026-46204 serves as a stark reminder that GPU drivers are prime targets for kernel-level exploits. The out-of-bounds read in AMDGPU's VCN 4 command parser, though local and currently unexploited in the wild, demands immediate attention. Patch your systems now—the fix is available, and waiting for a CVSS score only invites risk. Monitor your distribution channels for the specific patched kernel versions, and integrate GPU driver security into your regular update cadence.
The Linux kernel security infrastructure, with its dedicated CNA, is closing the gap between vulnerability discovery and public remediation. Users who follow a simple rule—apply kernel updates as they arrive—will close this window swiftly. For those managing fleets of AMD-powered machines, CVE-2026-46204 is yet another prompt to harden kernel update automation.