7.1
CVE-2026-46190
- EPSS 0.13%
- Veröffentlicht 28.05.2026 09:36:44
- Zuletzt bearbeitet 11.06.2026 03:10:46
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() Sashiko noticed an out-of-bounds read [1]. In spi_nor_params_show(), the snor_f_names array is passed to spi_nor_print_flags() using sizeof(snor_f_names). Since snor_f_names is an array of pointers, sizeof() returns the total number of bytes occupied by the pointers (element_count * sizeof(void *)) rather than the element count itself. On 64-bit systems, this makes the passed length 8x larger than intended. Inside spi_nor_print_flags(), the 'names_len' argument is used to bounds-check the 'names' array access. An out-of-bounds read occurs if a flag bit is set that exceeds the array's actual element count but is within the inflated byte-size count. Correct this by using ARRAY_SIZE() to pass the actual number of string pointers in the array.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.19 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.7
Linux ≫ Linux Kernel Version7.1 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/9a80c458320e0514e11945402dd6e48fcee05524
https://git.kernel.org/stable/c/ca18c180b053f6ce80394322b314ac721c316af7
https://git.kernel.org/stable/c/34bdcfb496b29f9a52431194f94473b37fb8c162
https://git.kernel.org/stable/c/c0b654bc0b76a1da102d9138be1ed1223bd99310
https://git.kernel.org/stable/c/e47029b977e747cb3a9174308fd55762cce70147