CVE-2026-46197 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. (cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/045e0ff208f0838a246c10204105126611b267a1
https://git.kernel.org/stable/c/6abd3a4417cb73a7d0db7e25bf11fae1074bdba3
https://git.kernel.org/stable/c/91c6dc5a41695d02dfc6299f106ac38a6c493e52
https://git.kernel.org/stable/c/ccd060b5c7cc75ae7e211c250b97c5b6272e7efc
https://git.kernel.org/stable/c/db9530a9873a7c85d2266a922589ebcf427fa631

History

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. (cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f)
Title		drm/amdkfd: validate SVM ioctl nattr against buffer size
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/045e0ff208f0838a246c10204105126611b267a1 https://git.kernel.org/stable/c/6abd3a4417cb73a7d0db7e25bf11fae1074bdba3 https://git.kernel.org/stable/c/91c6dc5a41695d02dfc6299f106ac38a6c493e52 https://git.kernel.org/stable/c/ccd060b5c7cc75ae7e211c250b97c5b6272e7efc https://git.kernel.org/stable/c/db9530a9873a7c85d2266a922589ebcf427fa631

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:40:13.722Z

Updated: 2026-05-28T09:40:13.722Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46197

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T10:16:35.360

Modified: 2026-05-28T10:16:35.360

Link: CVE-2026-46197

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46197", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.104Z", "datePublished": "2026-05-28T09:40:13.722Z", "dateUpdated": "2026-05-28T09:40:13.722Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-28T09:40:13.722Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: validate SVM ioctl nattr against buffer size\n\nValidate nattr field against the buffer size, preventing\nout-of-bounds buffer access via user-controlled attribute count.\n\n(cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c", "drivers/gpu/drm/amd/amdkfd/kfd_priv.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "91c6dc5a41695d02dfc6299f106ac38a6c493e52", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ccd060b5c7cc75ae7e211c250b97c5b6272e7efc", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "db9530a9873a7c85d2266a922589ebcf427fa631", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6abd3a4417cb73a7d0db7e25bf11fae1074bdba3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "045e0ff208f0838a246c10204105126611b267a1", "status": "affected", "versionType": "git"}, {"version": "0", "lessThan": "6.6.140", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.12.90", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.18.32", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "7.0.9", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c", "drivers/gpu/drm/amd/amdkfd/kfd_priv.h"], "versions": [{"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.90", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.32", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.9", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.90"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/91c6dc5a41695d02dfc6299f106ac38a6c493e52"}, {"url": "https://git.kernel.org/stable/c/ccd060b5c7cc75ae7e211c250b97c5b6272e7efc"}, {"url": "https://git.kernel.org/stable/c/db9530a9873a7c85d2266a922589ebcf427fa631"}, {"url": "https://git.kernel.org/stable/c/6abd3a4417cb73a7d0db7e25bf11fae1074bdba3"}, {"url": "https://git.kernel.org/stable/c/045e0ff208f0838a246c10204105126611b267a1"}], "title": "drm/amdkfd: validate SVM ioctl nattr against buffer size", "x_generator": {"engine": "bippy-1.2.0"}}}}