Skip to main content

Linux Kernel CVE-2026-46091

| EUVDEUVD-2026-32474 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-gmw8-8fgq-33v2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector confirmed by hardware dependency; PR:L since a logged-in user triggers it; C:N/I:N as only kernel availability is impacted.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:35 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

media: rc: igorplugusb: heed coherency rules

In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately.

AnalysisAI

Denial of service in the Linux kernel's igorplugusb infrared remote control driver allows a local low-privileged user to crash the kernel on systems where a compatible USB IR receiver is connected and the host controller performs DMA on control requests. The igorplugusb driver failed to allocate the USB control request structure separately, violating DMA coherency requirements enforced by certain host controllers - an object allocated on the kernel stack or embedded in a larger structure is not guaranteed to be DMA-safe. No public exploit code exists, and EPSS of 0.02% confirms negligible exploitation interest. Vendor-released patches are available across multiple stable branches.

Technical ContextAI

The affected component is the igorplugusb driver (drivers/media/rc/igorplugusb.c) in the Linux kernel's remote control (RC) subsystem. USB control transfers on some host controllers use Direct Memory Access (DMA) to move data between the controller and system memory. DMA coherency rules require that DMA-mapped buffers be properly aligned, physically contiguous, and not subject to cache aliasing - conditions that are not guaranteed if the USB request structure (urb transfer buffer) is embedded in a stack frame or parent data structure. The root cause is improper memory allocation for a DMA-capable buffer, a class of flaw related to CWE-119 (improper buffer handling) or CWE-665 (improper initialization), though NVD has not assigned a CWE. The CPE cpe:2.3:o:linux:linux_kernel confirms the entire Linux kernel OS is the affected product, with the bug introduced from commit b1c97193c643 across multiple stable series. The 'Information Disclosure' tag in the source data conflicts with the CVSS C:N metric and is likely a mislabeling - the actual impact is kernel availability only.

RemediationAI

Upgrade to a patched kernel version: 6.6.140 or later for the 6.6 LTS branch, 6.12.86 or later for the 6.12 LTS branch, 6.18.27 or later for the 6.18 branch, 7.0.4 or later for the 7.0 branch, or any 7.1-rc1 or later release. Fix commits are available directly at git.kernel.org/stable (see references: 0adac0ee, 0be8fcd9, 18d6a7c9, a62ca67e, eac69475, 0e84aa8f, 81f0fb81, bc04b863). For systems where immediate kernel upgrade is not feasible and igorplugusb hardware is not in use, the compensating control is to blacklist the igorplugusb kernel module via 'echo blacklist igorplugusb >> /etc/modprobe.d/blacklist.conf && rmmod igorplugusb' - this eliminates the attack surface with no functional impact on systems without USB IR receiver hardware. Unloading the module carries no service side effects on systems not actively using the device.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46091 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy