Linux Kernel Memory Access Vulnerability in DRM Graphics Subsystem
CVE-2026-46209

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 May 2026

What is CVE-2026-46209?

This vulnerability in the Linux kernel's DRM graphics subsystem arises from an inconsistency in how plane dimensions are calculated in the drm_gem_fb_init_with_funcs() function. The flawed calculation can allow a tiny GEM (Graphics Execution Manager) object to pass size validation, leading to potential out-of-bounds memory access during GPU operations. The issue is particularly evident with pixel formats such as NV12, where the framebuffer size is miscalculated, allowing serious memory corruption. The fix ensures that the division operations are handled consistently.
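The following is an added example, not the kernel's code: a simplified model of how truncating and rounding-up division of the same NV12 chroma dimensions produce different minimum buffer sizes, so an object accepted under one rule is too small under the other. The size formula, the function names, the sample values, and which rounding each side of the check uses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model, not kernel code. NV12 plane 1 holds interleaved CbCr,
 * subsampled 2x2, 2 bytes per chroma sample pair. */
enum { NV12_HSUB = 2, NV12_VSUB = 2, NV12_CHROMA_CPP = 2 };

/* Divide a luma dimension by its subsampling factor, truncating or rounding up. */
static uint32_t sub_dim(uint32_t dim, uint32_t sub, bool round_up)
{
    return dim / sub + ((round_up && dim % sub != 0) ? 1u : 0u);
}

/* Bytes the chroma plane must span: all full rows before the last, plus the last row. */
uint64_t chroma_min_size(uint32_t width, uint32_t height, uint32_t pitch,
                         uint32_t offset, bool round_up)
{
    uint32_t cols = sub_dim(width, NV12_HSUB, round_up);
    uint32_t rows = sub_dim(height, NV12_VSUB, round_up);

    if (cols == 0 || rows == 0)
        return 0; /* truncation made the plane vanish: this model requires nothing */
    return (uint64_t)offset + (uint64_t)(rows - 1) * pitch
         + (uint64_t)cols * NV12_CHROMA_CPP;
}

/* Size check as a validator would apply it to the backing object. */
bool object_fits(uint64_t obj_size, uint32_t width, uint32_t height,
                 uint32_t pitch, uint32_t offset, bool round_up)
{
    return obj_size >= chroma_min_size(width, height, pitch, offset, round_up);
}

int main(void)
{
    /* Constructed case: 3x3 frame, 4096-byte pitch, one 4096-byte object. */
    const uint32_t w = 3, h = 3, pitch = 4096, off = 0;
    const uint64_t obj = 4096;

    printf("truncating check: need %llu bytes, fits=%d\n",
           (unsigned long long)chroma_min_size(w, h, pitch, off, false),
           object_fits(obj, w, h, pitch, off, false));
    printf("round-up check:   need %llu bytes, fits=%d\n",
           (unsigned long long)chroma_min_size(w, h, pitch, off, true),
           object_fits(obj, w, h, pitch, off, true));
    return 0;
}
```

For even dimensions the two roundings agree, which is why the gap only shows up with odd or very small frame sizes on subsampled formats.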

Affected Version(s)

Linux 4c3dbb2c312c9fafbac30d98c523b8b1f3455d78 < 6b992591e04f2cce813bcf239b354f375bbf84d3

Linux 4c3dbb2c312c9fafbac30d98c523b8b1f3455d78 < 1da4ab7189f1064b3b712b388772c008b4d82580

Linux 4c3dbb2c312c9fafbac30d98c523b8b1f3455d78 < 1a17ea9861e89585361caa8bc231bd22dc6dbe7d
