CVE-2026-46237
HighIn the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn3: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. (cherry picked from commit db00257ac9e4a51eb2515aaea161a019f7125e10)
CVSS 3.1 score
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected versions
Linux kernel versions
7.1-rc1
and later are affected. Fixed in
7.1-rc2
and their respective stable series.
References
The following references provide additional information about CVE-2026-46237 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/016b64a0313ea5346cf526e30c8d3e66aca10175
-
PatchKernel patch commithttps://git.kernel.org/stable/c/1936310f68c54be961de38ac539cef9b543207cb
-
PatchKernel patch commithttps://git.kernel.org/stable/c/2e43b66fceacd6e982b94f2e3f8b34edd7463396
Frequently asked questions
-
What is CVE-2026-46237?
CVE-2026-46237 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 . It affects Linux kernel versions from 7.1-rc1 onward and has been patched in 7.1-rc2. CVE-2026-46237 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2026-46237?
CVE-2026-46237 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. -
Is there a patch available for CVE-2026-46237?
Yes — CVE-2026-46237 has been patched. Fixed versions include 7.1-rc2. If you are running Linux kernel 7.1-rc1 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-46237 actively exploited?
No — CVE-2026-46237 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.