Skip to main content

Linux Kernel EUVDEUVD-2026-32754

| CVE-2026-46236 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-p3mg-vw2c-rfp8
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local attack vector and low privilege required to access the device node; sole impact is kernel availability via DMA-induced panic.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 21:42 vuln.today
CVSS changed
Jun 10, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

media: rc: xbox_remote: heed DMA restrictions

The buffer for IO must not be part of the device structure because that violates the DMA coherency rules.

AnalysisAI

Availability impact in the Linux kernel's xbox_remote media/rc driver allows a local, low-privileged user with access to the affected device to crash the kernel via a DMA coherency violation. The IO buffer used for USB transfers is embedded directly within the device structure, which violates DMA coherency rules and can trigger memory corruption leading to kernel panic. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% reflects minimal observed exploitation activity. Vendor-released patches are available across multiple stable kernel branches.

Technical ContextAI

The vulnerability resides in the xbox_remote driver under drivers/media/rc/ in the Linux kernel. Direct Memory Access (DMA) requires that buffers used for IO operations reside in DMA-coherent memory regions - memory that satisfies specific alignment, caching, and bus-access constraints set by the hardware. Embedding the IO buffer inside the device structure (likely a struct allocated via kzalloc without DMA-safe guarantees) violates these constraints, as the surrounding struct members may be cached inconsistently by the CPU and the DMA controller. This can lead to data corruption, undefined behavior, or kernel panic. The CPE string cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* covers the affected kernel versions broadly. No CWE is formally assigned, but this maps conceptually to improper resource management and DMA API misuse. The affected component is specific to systems that load the xbox_remote RC (remote control) driver, typically those with an Xbox USB IR remote receiver attached.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched stable release: 6.6.140, 6.12.90, 6.18.32, or 7.0.9 depending on the branch in use, or track 7.1-rc1 for mainline. Patch commits are linked in the References section and tracked via the NVD advisory at https://nvd.nist.gov/vuln/detail/CVE-2026-46236. As a compensating control for systems that cannot be patched immediately, administrators can prevent the xbox_remote kernel module from loading by blacklisting it: add 'blacklist xbox_remote' to /etc/modprobe.d/blacklist.conf and run 'update-initramfs -u'. This will disable Xbox IR remote functionality as a trade-off. Alternatively, applying udev rules to restrict access to the relevant device node to root-only (MODE='0600') raises the privilege bar, though this does not eliminate the underlying DMA flaw if root-level code exercises the driver.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32754 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy