CVE-2026-46314

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A local user can cause an infinite loop in the kernel context by crafting a self-referential extension where ext->next == &ext with zero in sync count and out sync count. This occurs because the v3d get extensions() function processes a userspace-provided singly-linked list of ioctl extensions without bounding the chain length. The existing duplicate-extension guard is bypassed because v3d get multisync post deps() returns immediately when the count is zero, leaving both fields at zero during every iteration. This results in the calling thread being blocked and a CPU core being pegged indefinitely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.