Skip to main content

Linux Kernel EUVDEUVD-2026-32304

| CVE-2026-46007 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-42wq-59cj-7gvc
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

AC:H reflects architecture-dependency and requirement for specific USB hardware; PR:L because local user triggers hwmon operations; A:H for kernel crash; C:N and I:N per description.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 15:54 vuln.today
CVSS changed
Jun 16, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (powerz) Avoid cacheline sharing for DMA buffer

Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic.

Use the high-level DMA helpers to make sure that cacheline sharing can not happen.

Also drop the comment, as the helpers are documentation enough.

https://sashiko.dev/#/message/20260408175814.934BFC19421%40smtp.kernel.org

AnalysisAI

Cache coherency violation in the Linux kernel hwmon powerz driver allows a local low-privileged user to crash the kernel on architectures where DMA buffer cacheline aliasing with adjacent kernel structures (here, a mutex) produces undefined behavior. Affected systems must have the powerz USB hardware monitor driver loaded and the specific hardware attached. No public exploit code exists and EPSS is 0.02% (5th percentile), indicating negligible real-world exploitation activity; nonetheless the kernel availability impact (system crash) is concrete once triggered on a vulnerable architecture.

Technical ContextAI

The powerz driver (drivers/hwmon/powerz.c), introduced via commit 4381a36abdf1c5c0323c1c51f869dc000115eb20, manages a USB-based power/energy monitor device. It allocates a transfer buffer for DMA operations, but on architectures that lack transparent DMA cache coherency (e.g., non-coherent ARM or MIPS platforms), placing this DMA buffer adjacent in memory to a mutex means a CPU cacheline may span both objects. When the DMA controller writes to the buffer, it can silently overwrite or corrupt the cached copy of the mutex (or vice versa), since DMA bypasses CPU caches. The fix migrates to high-level DMA coherent allocation helpers (dma_alloc_coherent or equivalent), which guarantee separate, uncached mappings that cannot alias with other kernel data structures. CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*. No CWE is formally assigned, but this maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) or more precisely to improper DMA buffer isolation, a subclass of hardware-software interface misuse.

RemediationAI

Upgrade to a patched kernel release: Linux 6.12.88, 6.18.30, 7.0.4, or 7.1-rc1 per EUVD-2026-32304 and the upstream stable commits referenced at https://git.kernel.org/stable/c/1869da3efe703b016b23d4885f3fe6c1751959c6. Distribution-specific backports should be monitored via vendor security channels (e.g., RHEL, Ubuntu, SUSE errata) as the upstream commits are the authoritative source. As a compensating control where patching is not immediately possible, unloading or blacklisting the powerz kernel module (modprobe -r powerz; echo 'blacklist powerz' >> /etc/modprobe.d/blacklist.conf) prevents the vulnerable code path from executing entirely, with the trade-off that POWERZ USB power monitor hardware will cease to function. This workaround is low-risk on systems that do not use such hardware. Restricting physical/USB access to prevent insertion of powerz devices is an additional hardening measure on sensitive systems. No vendor advisory URL beyond the upstream kernel stable commits is currently available.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32304 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy