CVE-2026-46006
- Source
- https://cve.org/CVERecord?id=CVE-2026-46006
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46006.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-46006
- Downstream
- Related
- Published
- 2026-05-27T12:56:05.273Z
- Modified
- 2026-06-05T18:29:27.480736695Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
nouveaugempushbufrelocapply() validates each relocation with
if (r->reloc_bo_offset + 4 > nvbo->bo.base.size)but relocbooffset is __u32 (uapi/drm/nouveaudrm.h) and the integer literal 4 promotes to unsigned int, so the addition is performed in 32 bits and wraps before the comparison against the sizet bo size.
Cast to u64 so the addition happens in 64-bit arithmetic.
[ Add Fixes: tag. - Danilo ]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46006.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2fc87d37be1b730a149b035f9375fdb8cc5333a5
- https://git.kernel.org/stable/c/332884f5eb79dd60a7162b079d09d39208567a31
- https://git.kernel.org/stable/c/45a45184b9c0b0b26ead06e370cda2073616a7cc
- https://git.kernel.org/stable/c/573a1104bd36e49c067a9dc62e7c476d5ee7e92a
- https://git.kernel.org/stable/c/d749a9a0ee4014681487e7ae549901aa8c176637
- https://git.kernel.org/stable/c/e441d5c23ec644c8d27593db3b8928e8933512a9
- https://git.kernel.org/stable/c/fa297e919d1680c38ab268ff952b1698dac987f6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46006.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-46006
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda1606a9596e54da90ad6209071b357a4c1b0fa82Fixed573a1104bd36e49c067a9dc62e7c476d5ee7e92aFixed45a45184b9c0b0b26ead06e370cda2073616a7ccFixedfa297e919d1680c38ab268ff952b1698dac987f6Fixedd749a9a0ee4014681487e7ae549901aa8c176637Fixed332884f5eb79dd60a7162b079d09d39208567a31Fixede441d5c23ec644c8d27593db3b8928e8933512a9Fixed2fc87d37be1b730a149b035f9375fdb8cc5333a5
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.34Fixed5.15.209
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.175
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.140
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.86
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.27
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed7.0.4