Out-of-bounds read in Linux kernel - CVE-2026-45994

Published: May 28, 2026


Vulnerability identifier: #VU132503
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45994
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in command_file_write() when processing a crafted dot command buffer. A local user can supply header fields that make the declared command size exceed the buffer actually allocated for the write, and thereby disclose sensitive information.

As a result, kernel heap memory beyond the end of that buffer may be copied to the service processor by an out-of-bounds memcpy_toio() operation.
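As an added illustration, not the kernel's or this advisory's own code, the user-space C model below shows the class of check the description implies: a declared command size computed from header fields must never exceed the number of bytes actually copied into the buffer. The header layout, the function names overread_if_trusting_header() and validate_dot_command(), and the sample buffers are constructed placeholders, not the driver's real structures.

```c
/* Added example: a user-space model of a dot-command write handler's
 * length check. Not kernel code; the header layout is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed header layout for illustration only. */
struct dot_cmd_hdr {
    uint8_t  type;
    uint8_t  command_size;   /* bytes of command following the header */
    uint16_t data_size;      /* bytes of data following the command */
} __attribute__((packed));

/* Total size the header claims the whole command occupies. */
static size_t declared_size(const struct dot_cmd_hdr *h)
{
    return sizeof(*h) + h->command_size + h->data_size;
}

/* Vulnerable pattern: trust the header and copy declared_size() bytes
 * (as memcpy_toio() would) out of a buffer holding only 'count' bytes.
 * Returns how many bytes would be read past the allocation (0 = safe). */
size_t overread_if_trusting_header(const uint8_t *buf, size_t count)
{
    struct dot_cmd_hdr h;
    if (count < sizeof(h))
        return 0;                   /* too short to parse a header */
    memcpy(&h, buf, sizeof(h));
    size_t want = declared_size(&h);
    return want > count ? want - count : 0;
}

/* Hardened form: reject a write whose declared size does not fit in the
 * bytes copied from user space. Returns 0 if acceptable, -1 to reject. */
int validate_dot_command(const uint8_t *buf, size_t count)
{
    struct dot_cmd_hdr h;
    if (count < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (declared_size(&h) > count)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed 8-byte write whose header claims 200 command bytes. */
    struct dot_cmd_hdr bad = { 1, 200, 0 };
    uint8_t buf[8] = { 0 };
    memcpy(buf, &bad, sizeof(bad));
    printf("overread: %zu bytes, validate: %d\n",
           overread_if_trusting_header(buf, sizeof(buf)),
           validate_dot_command(buf, sizeof(buf)));
    return 0;
}
```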


How to mitigate CVE-2026-45994

Install the security update from the vendor's repository.

Sources