Skip to main content

Linux Kernel CVE-2026-45896

| EUVDEUVD-2026-32362 HIGH
Improper Validation of Array Index (CWE-129)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-x95w-mwf5-x656
High
Disputed · 7.8 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local-only kernel driver path (AV:L), no user interaction, low-privileged trigger assumed (PR:L), and out-of-bounds kernel memory corruption yields high C/I/A.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
6.6 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 23:34 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
7.8 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.8
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mtd: intel-dg: Fix accessing regions before setting nregions

The regions array is counted by nregions, but it's set only after accessing it:

[] UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15 [] index 0 is out of range for type '<unknown> [*]'

Fix it by also fixing an undesired behavior: the loop silently ignores ENOMEM and continues setting the other entries.

AnalysisAI

Out-of-bounds array access in the Linux kernel's Intel Discrete Graphics MTD driver (mtd_intel_dg.c) lets a local actor trigger kernel memory corruption when the driver enumerates NVM regions before nregions is initialized. The flaw, caught by UBSAN as an array-index-out-of-bounds at line 750, affects systems running kernel 6.17 through the pre-patch 6.18/6.19 series with Intel discrete graphics hardware. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile).

Technical ContextAI

The vulnerability lives in drivers/mtd/devices/mtd_intel_dg.c, the MTD (Memory Technology Device) backend that exposes the non-volatile flash regions of Intel discrete GPUs (e.g., Arc/Xe-based cards) to the kernel's flash subsystem. The regions[] array is sized/counted by the nregions field, but the driver iterated over and wrote into the array before nregions was set, so bounds derived from an uninitialized/zero count permitted indexing past the allocation. This is CWE-129 (Improper Validation of Array Index): the loop also silently ignored ENOMEM and kept populating subsequent entries, compounding the unsafe indexing with mishandled allocation failure. The defect maps to the 'Buffer Overflow' tag and is a classic ordering bug - using a counter before it has been assigned its real value.

RemediationAI

Vendor-released patch: upgrade to Linux 6.18.14, 6.19.4, or 7.0 (or the corresponding distribution backport carrying the fix). The upstream fixes are available as stable-tree commits 721bd22bcf45a63ebd9bd0f478ef721b45cc5383, 779c59274d03cc5c07237a2c845dfb71cff77705, and d58fca8513414b15387460b14a7a0a30405b9c9e (https://git.kernel.org/stable/c/721bd22bcf45a63ebd9bd0f478ef721b45cc5383). Where immediate kernel upgrade is not possible, a targeted compensating control is to blacklist/unload the intel-dg MTD module (e.g., prevent the mtd_intel_dg driver from loading via modprobe blacklist) on hosts that do not require GPU NVM access - the trade-off is loss of flash-region management for the affected Intel discrete GPU, which is acceptable on most systems that never use that feature. On systems where the GPU is in active use, prioritize the kernel update rather than unloading the driver.

More in Intel

View all
CVE-2017-5689 CRITICAL POC
9.8 May 02

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana

CVE-2012-5958 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2012-5959 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5964 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5963 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5961 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5965 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5962 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2012-5960 CRITICAL POC
10.0 Jan 31

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable

CVE-2015-2291 HIGH POC
7.8 Aug 09

Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0

CVE-2024-44308 HIGH
8.8 Nov 20

Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously cra

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy