PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46001 Linux CVE debrief

CVE-2026-46001 describes two bugs in the Linux kernel hwmon driver for the PT5161L temperature sensor. The first bug is a stack buffer overflow: the local buffer `rbuf` is sized at 24 bytes, but `i2c_smbus_read_block_data()` can return up to `I2C_SMBUS_BLOCK_MAX` (32) bytes. Because the I2C core copies data into the caller's buffer before the return value is validated, a malicious or misbehaving device returning more than 24 bytes causes a stack overrun before any length check can occur. The second bug is a logic error where exhausted retries with unexpected data lengths return a positive byte count instead of an error, causing callers to treat the operation as successful and process stale or incomplete data. The fix resizes the buffer to `I2C_SMBUS_BLOCK_MAX` and returns `-EIO` when retries are exhausted with a positive return value.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators running Linux on hardware with PT5161L temperature sensors; embedded systems developers using I2C-connected hwmon devices; security teams assessing physical attack surface on systems with exposed I2C buses

Technical summary

The PT5161L hwmon driver in the Linux kernel contains a stack buffer overflow in `pt5161l_read_block_data()` due to an undersized local buffer (24 bytes vs. the 32-byte maximum I2C block transfer). The overflow occurs because `i2c_smbus_read_block_data()` writes data into the caller's buffer before the return value can be validated. A secondary bug causes the function to return success (a positive byte count) when all retries are exhausted because of an unexpected data length, leading callers to process invalid data. The fix increases the buffer size to `I2C_SMBUS_BLOCK_MAX` and returns `-EIO` on exhausted retries.
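To make the two fixes in the debrief and the technical summary concrete, the following is an added, self-contained C model of the hardened read path; it is not the kernel driver's code. A constructed callback stands in for `i2c_smbus_read_block_data()`, the retry count `PT5161L_RETRIES` is an assumption, and the two sample "devices" are constructed for the demonstration.

```c
#include <string.h>
#include <errno.h>

#define I2C_SMBUS_BLOCK_MAX 32   /* kernel's SMBus block-transfer maximum */
#define PT5161L_RETRIES 3        /* assumed retry count; not stated on the page */

/* Stand-in for i2c_smbus_read_block_data(): the callback writes up to
 * I2C_SMBUS_BLOCK_MAX bytes into buf and only then returns the count, so
 * the caller's buffer must already be I2C_SMBUS_BLOCK_MAX bytes. */
typedef int (*block_reader_fn)(unsigned char reg, unsigned char *buf);

/* Hardened read modelled on the fixed pattern the debrief describes. */
static int pt5161l_read_block_fixed(block_reader_fn dev, unsigned char reg,
                                    unsigned char *out, int expected_len)
{
    unsigned char rbuf[I2C_SMBUS_BLOCK_MAX];  /* was 24 bytes: the overflow */
    int ret = -EIO, i;
    if (expected_len <= 0 || expected_len > I2C_SMBUS_BLOCK_MAX)
        return -EINVAL;
    for (i = 0; i < PT5161L_RETRIES; i++) {
        ret = dev(reg, rbuf);
        if (ret < 0)
            return ret;                     /* bus error: propagate as-is */
        if (ret == expected_len) {
            memcpy(out, rbuf, expected_len);
            return ret;                     /* success: byte count */
        }
        /* wrong length: retry */
    }
    /* Retries exhausted with a positive but wrong length: report -EIO
     * instead of the stale count so callers never consume bad data. */
    return -EIO;
}

/* Constructed devices: one well-behaved, one returning the full 32-byte
 * block that a 24-byte stack buffer could not have held. */
static int good_device(unsigned char reg, unsigned char *buf)
{
    (void)reg;
    memset(buf, 0xA5, 24);
    return 24;
}

static int oversized_device(unsigned char reg, unsigned char *buf)
{
    (void)reg;
    memset(buf, 0xFF, I2C_SMBUS_BLOCK_MAX);
    return I2C_SMBUS_BLOCK_MAX;
}
```

With the oversized device the call neither overruns the stack nor reports a positive count; it fails with `-EIO` after the retries.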

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the fix commits once available from your Linux distribution
  • Audit systems for presence of PT5161L temperature sensors and review I2C bus access controls
  • Monitor kernel logs for unexpected PT5161L read failures that may indicate probing attempts
  • Restrict physical access to I2C buses to prevent attachment of malicious devices

Evidence notes

The CVE description and kernel commit references confirm the vulnerability is in `pt5161l_read_block_data()` within the Linux kernel hwmon subsystem. The buffer overrun is exploitable only when a malicious or compromised I2C device is present on the bus, limiting attack surface to systems with untrusted hardware attached. The logic error could cause incorrect sensor readings but does not directly enable code execution.

Official resources

2026-05-27