During parsing of a decode message in the amdgpu vcn3 DRM driver, the kernel improperly checks buffer bounds, allowing access beyond the end of the buffer object. This out‑of‑bounds read exposes the contents of adjacent kernel memory, potentially leaking sensitive data or allowing an attacker to read arbitrary kernel addresses. The weakness is an instance of improper input validation and can lead to information disclosure or serve as a foothold for privilege escalation in kernel space.

The vulnerability exists in the Linux kernel's DRM/amdgpu/vcn3 component. All nodes running a Linux kernel version that incorporates the unpatched amdgpu driver are affected. No specific upstream version is listed, so any kernel build prior to the commit that introduced the fix should be considered vulnerable.

Because the issue resides in a kernel driver, exploitation requires interaction with a GPU device through the DRM interface. This typically mandates local user privileges or the ability to inject commands to the amdgpu driver; the attack vector is therefore inferred to be local or within a privileged context. The lack of an EPSS score or KEV listing indicates that the exploitability data is not publicly quantified, but the potential for kernel memory leakage justifies treating the risk as significant. No CVSS score is provided, so assessing severity must rely on the described impact and typical kernel privilege assumptions.