SB20260529107 - Out-of-bounds read in Linux kernel mtd spi-nor driver



SB20260529107 - Out-of-bounds read in Linux kernel mtd spi-nor driver

Published: May 29, 2026

Security Bulletin ID SB20260529107
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2026-46190)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in spi_nor_params_show() when displaying SPI NOR parameters through debugfs. A local attacker can trigger access to debugfs output to disclose sensitive information.

The issue is caused by passing the byte size of an array of pointers instead of the actual element count, which can permit reads past the end of the names array on 64-bit systems when certain flag bits are set.


Remediation

Install update from vendor's website.