CVE-2026-45896 Linux CVE debrief

Who should care

Linux system administrators running kernels with Intel Discrete Graphics MTD support; embedded systems using Intel DG storage controllers; security teams monitoring for kernel driver vulnerabilities

Technical summary

The mtd_intel_dg driver in the Linux kernel contains a logic error where the regions array is indexed using nregions before the variable is initialized. This causes undefined behavior sanitizer (UBSAN) array-index-out-of-bounds errors when accessing index 0 of an array with unknown bounds. Additionally, the initialization loop fails to properly handle ENOMEM conditions from memory allocation, silently continuing rather than propagating the error. The vulnerability is local and requires the driver to be loaded, with impact limited to potential information disclosure or denial of service through improper memory access during device probe.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable commits when available from your Linux distribution
• Verify Intel DG MTD driver is not loaded on critical systems if patching is delayed
• Monitor kernel logs for UBSAN warnings related to mtd_intel_dg.c as indicators of vulnerable code paths
• Review custom kernel builds for inclusion of the mtd_intel_dg driver module

Evidence notes

The vulnerability is confirmed by kernel commit messages resolving the UBSAN array-index-out-of-bounds error at line 750 of mtd_intel_dg.c. The fix addresses both the out-of-bounds access and improper ENOMEM handling in the region initialization loop.

Official resources