CVE-2026-46001

HIGH EPSS 2.9%
Published May 27, 20261mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() Fix two bugs in pt5161l_read_block_data(): 1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf[24], but i2c_smbus_read_block_data() can return up to I2C_SMBUS_BLOCK_MAX (32) bytes. The i2c-core copies the data into the caller's buffer before the return value can be checked, so the post-read length validation does not prevent a stack overrun if a device returns more than 24 bytes. Resize the buffer to I2C_SMBUS_BLOCK_MAX. 2. Unexpected positive return on length mismatch: When all three retries are exhausted because the device returns data with an unexpected length, i2c_smbus_read_block_data() returns a positive byte count. The function returns this directly, and callers treat any non-negative return as success, processing stale or incomplete buffer contents. Return -EIO when retries are exhausted with a positive return value, preserving the negative error code on I2C failure.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.9  –  <6.12.86
linuxlinux_kernel*≥6.13  –  <6.18.27
linuxlinux_kernel*≥6.19  –  <7.0.4

References 4

  • git.kernel.org https://git.kernel.org/stable/c/24c73e93d6a756e1b8626bb259d2e07c5b89b370
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95d48e37a1304d6148406c799479c0fb505aefa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/24c73e93d6a756e1b8626bb259d2e07c5b89b370
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95d48e37a1304d6148406c799479c0fb505aefa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c
    Patch