PatchSiren


CVE-2026-46007 Linux CVE debrief

This CVE addresses a cache coherency vulnerability in the Linux kernel's hwmon (hardware monitoring) subsystem, specifically within the powerz driver. The issue stems from a DMA buffer potentially sharing a cacheline with an adjacent mutex, which can lead to data corruption or undefined behavior on architectures where cache coherency between CPU and DMA operations is not automatically maintained. The resolution employs high-level DMA helper functions to ensure proper cacheline alignment and isolation of the DMA buffer from other data structures.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators running Linux on architectures with non-coherent DMA (certain ARM, MIPS, or other embedded platforms); kernel maintainers and distributors backporting stable fixes; security teams tracking kernel memory safety improvements

Technical summary

The powerz driver in the Linux kernel hwmon subsystem used a transfer buffer for DMA operations that could share a cacheline with the mutex structure that follows it. On architectures without automatic cache coherency between CPU and DMA, cache maintenance for the buffer acts on whole cachelines, so this arrangement creates a race condition: CPU cache writes to the mutex could interfere with DMA operations on the buffer, or vice versa. The fix replaces manual buffer management with high-level DMA helper functions that guarantee cacheline alignment and prevent sharing between DMA-accessible memory and other kernel data structures. This is a defensive programming fix that eliminates a class of potential memory corruption issues on affected hardware platforms.
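The hazard described above can be reproduced in a small userspace model; this is an added illustration, not code from the powerz driver or the kernel fix. The 64-byte line size, the 48-byte buffer, the single lock byte and the invalidate-only cache model are all assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define LINE    64   /* assumed cacheline size; architecture-specific in reality */
#define BUF_LEN 48   /* constructed DMA transfer buffer length */

static unsigned char ram[2 * LINE];    /* memory as the device sees it */
static unsigned char cache[2 * LINE];  /* the CPU's cached copy of the same bytes */

/* Invalidate: drop the cached lines covering [off, off+len) and refetch from RAM.
 * The operation works on whole lines, so neighbours in the same line are dropped too. */
static void invalidate(size_t off, size_t len)
{
    size_t start = off / LINE * LINE;
    size_t end = (off + len + LINE - 1) / LINE * LINE;
    memcpy(cache + start, ram + start, end - start);
}

/* Simulate one device-to-memory transfer with the buffer at offset 0 and a
 * lock byte at lock_off. Returns 1 if the CPU's lock write survives. */
int lock_survives_dma(size_t lock_off)
{
    memset(ram, 0, sizeof ram);
    memset(cache, 0, sizeof cache);
    cache[lock_off] = 1;          /* CPU takes the lock: dirty in cache, not yet in RAM */
    memset(ram, 0xAB, BUF_LEN);   /* device writes the buffer straight to RAM */
    invalidate(0, BUF_LEN);       /* driver makes the DMA data visible to the CPU */
    return cache[lock_off] == 1 && cache[0] == 0xAB;
}

/* Smallest offset after the buffer that starts a fresh cacheline. */
size_t isolated_offset(void)
{
    return (BUF_LEN + LINE - 1) / LINE * LINE;
}

int main(void)
{
    printf("lock directly after buffer (offset %d): survives=%d\n",
           BUF_LEN, lock_survives_dma(BUF_LEN));
    printf("lock on its own cacheline (offset %zu): survives=%d\n",
           isolated_offset(), lock_survives_dma(isolated_offset()));
    return 0;
}
```

With the lock byte in the buffer's cacheline the CPU's update is discarded by the invalidate; moved to the next line boundary, it survives.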

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available through distribution channels
  • Monitor NVD for CVSS scoring and CWE classification once analysis is complete
  • Review systems using the powerz hardware monitoring driver for kernel version exposure
  • Validate cache coherency configurations on affected architectures if running custom kernel builds

Evidence notes

The vulnerability description indicates this is a resolved issue in the Linux kernel hwmon powerz driver. The fix involves using DMA helper functions to prevent cacheline sharing between DMA buffers and mutexes. Four kernel.org stable tree commits are referenced, suggesting backports to multiple stable kernel branches. The CVE was published and modified on 2026-05-27, with NVD status 'Awaiting Analysis' indicating ongoing assessment. No CVSS score or severity has been assigned by NVD at this time.
