Linux Kernel Out-of-Bounds Read Vulnerability in AMD GPU VCN4 Processing

Vulnerability

An out-of-bounds read vulnerability has been addressed in the Linux kernel's AMDGPU video coding engine version 4.0. The issue arose during the parsing of instruction buffers, where improper bounds checks could lead to reading data outside the intended limits. It has been mitigated by rewriting the instruction buffer parsing to use a function that properly handles bounds verification.
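The pattern behind the fix described above, as an added example that is not the kernel's own code: a record walk that trusts a length word read from the buffer, next to one that routes every read through a bounds-checked accessor. The record layout, struct ib, ib_get and both ib_find_* functions are hypothetical names and assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed record layout (an assumption, not the real VCN4 format):
 * word 0 = record size in bytes, word 1 = record type, then payload. */
struct ib { const uint32_t *dw; size_t ndw; };

/* Unchecked shape: trusts the size word taken from the buffer, so a
 * truncated header or oversized length indexes past dw[ndw - 1]. */
long ib_find_unchecked(const struct ib *ib, uint32_t type)
{
    size_t i = 0;
    while (ib->dw[i + 1] != type) {
        if (ib->dw[i] == 0)
            return -1;
        i += ib->dw[i] / 4;
    }
    return (long)(i + 2);
}

/* Every read goes through one accessor that checks the index first. */
static int ib_get(const struct ib *ib, size_t idx, uint32_t *out)
{
    if (idx >= ib->ndw)
        return -1;
    *out = ib->dw[idx];
    return 0;
}

/* Returns the payload index of the first record of `type`,
 * -1 if no such record exists, -2 if the buffer is malformed. */
long ib_find_checked(const struct ib *ib, uint32_t type)
{
    size_t i = 0;
    while (i < ib->ndw) {
        uint32_t size, t;
        if (ib_get(ib, i, &size) || ib_get(ib, i + 1, &t))
            return -2;                    /* header cut off */
        size_t words = size / 4;
        if (size % 4 || words < 2 || words > ib->ndw - i)
            return -2;                    /* record leaves the buffer */
        if (t == type)
            return (long)(i + 2);
        i += words;
    }
    return -1;
}
```

The checked walk rejects a malformed record before it looks at the type, so a bad length is never skipped over; payload words at the returned index should be read through the same accessor.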

Impact

Exploitation of this vulnerability could lead to out-of-bounds read conditions, potentially allowing for unauthorized memory access or information leakage.

Reproduction

The vulnerability can be reproduced by parsing instruction buffers in the AMDGPU VCN4 engine without proper bounds checks, leading to out-of-bounds read conditions.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is available in the Linux kernel stable tree.

Added: May 28, 2026, 11:31 AM
Updated: May 28, 2026, 11:31 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.