Out-of-bounds write in Linux kernel - CVE-2026-46294
Published: June 10, 2026
Vulnerability identifier: #VU134236
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46294
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local privileged user to cause a buffer overflow.
The vulnerability exists due to a buffer overflow in dm-ioctl retrieve_status when processing device mapper ioctl output buffers. A local privileged user can supply a crafted buffer layout to cause a buffer overflow.
Exploitation requires issuing device mapper ioctls, and the issue does not occur accidentally with commonly used libraries because they use 8-byte-aligned buffer sizes.
How to mitigate CVE-2026-46294
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/2fa49cc884f6496a915c35621ba4da35649bf159
- https://git.kernel.org/stable/c/448ee8fb79c26a26599ffa4b2adeb4322d3d3d8c
- https://git.kernel.org/stable/c/526ff9126a0ae087b65726e1faf31114c718020d
- https://git.kernel.org/stable/c/5af6a879e915ae7bcd83695c316ebb32e1c61bc2
- https://git.kernel.org/stable/c/8daa6c708ef524089ae43f2aed9190acb26d7df8
- https://git.kernel.org/stable/c/c8c5311237448f6ffeecc9aec2362e3692623668
- https://git.kernel.org/stable/c/d271631023cbe1cbe7c31a0275ab797883be6e0a
- https://git.kernel.org/stable/c/f0b0b09d9840838ae77ccdd6a62de0daef4e6e0a