SB2026052986 - Integer overflow in Linux kernel gpu drm driver



SB2026052986 - Integer overflow in Linux kernel gpu drm driver

Published: May 29, 2026

Security Bulletin ID SB2026052986
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Integer overflow (CVE-ID: CVE-2026-46209)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform out-of-bounds read or write operations.

The vulnerability exists due to an integer overflow in drm_gem_fb_init_with_funcs() when initializing framebuffer plane dimensions for sub-sampled pixel formats. A local user can create a specially crafted framebuffer configuration to perform out-of-bounds read or write operations.

The issue can occur for certain pixel format and dimension combinations where plane height calculation truncates instead of rounding up, causing the GEM object size check to accept an undersized object.


Remediation

Install update from vendor's website.