CVE-2026-46006

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix u32 overflow in pushbuf reloc bounds check

nouveau gem pushbuf reloc apply() validates each relocation with

if (r->reloc bo offset + 4 > nvbo->bo.base.size)

but reloc bo offset is u32 (uapi/drm/nouveau drm.h) and the integer literal 4 promotes to unsigned int, so the addition is performed in 32 bits and wraps before the comparison against the size t bo size.

Cast to u64 so the addition happens in 64-bit arithmetic.

[ Add Fixes: tag. - Danilo ]