PatchSiren

CVE-2026-46064 Linux CVE debrief

A heap over-read vulnerability in the Linux kernel's ibmasm driver allows root users to trigger out-of-bounds reads of up to ~65 KB by supplying crafted dot_command_header values. The ibmasm_send_i2o_message() function uses get_dot_command_size() to compute the memcpy_toio() byte count from the user-controlled command_size (u8) and data_size (u16) fields without validating them against the actual allocation size. As a result, kernel heap memory is read and forwarded to the service processor via MMIO. The fix validates command_size before dequeuing hardware frames to prevent I2O message frame exhaustion, rejects commands with inconsistent header fields to prevent SP desynchronization, and clamps command_size to I2O_COMMAND_SIZE before MMIO writes.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux on IBM server hardware with ASM service processors, and kernel maintainers and distribution security teams responsible for stable kernel updates.

Technical summary

The ibmasm driver for IBM Advanced Systems Management hardware contains a heap over-read in ibmasm_send_i2o_message(). The function derives the memcpy_toio() length from user-supplied dot_command_header fields (command_size, data_size) without bounds checking. A root attacker can write a small buffer with inflated header values, causing up to ~65 KB of out-of-bounds kernel heap reads that are transmitted to the service processor. The vulnerability also risks I2O message frame exhaustion if validation occurs after a hardware frame has been dequeued. The fix implements three defenses: pre-validation of command_size before get_mfa_inbound() to prevent frame leaks, rejection of commands with header/buffer size mismatches to maintain SP synchronization, and clamping to I2O_COMMAND_SIZE to bound MMIO writes.
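The checks described above, modeled as a userspace C sketch. This is an added example, not the kernel patch or the driver's own code: the struct layout, the I2O_COMMAND_SIZE value, and the helper names claimed_size(), validate_dot_command() and check_constructed() are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout, built from the header fields the page names. */
struct dot_command_header {
    uint8_t  type;
    uint8_t  command_size;  /* user-controlled */
    uint16_t data_size;     /* user-controlled */
    uint8_t  status;
    uint8_t  reserved;
};

#define I2O_COMMAND_SIZE 4000u  /* placeholder, not the driver's value */

/* Length the unfixed path trusted: derived from header fields only. */
static size_t claimed_size(uint8_t command_size, uint16_t data_size)
{
    return sizeof(struct dot_command_header) + command_size + data_size;
}

/* Hypothetical check, meant to run before a hardware frame is dequeued.
 * Returns the byte count safe to copy, or -1 to reject the command. */
static long validate_dot_command(const void *buf, size_t buf_len)
{
    struct dot_command_header h;
    size_t claimed;

    if (buf_len < sizeof(h))
        return -1;                      /* no complete header */
    memcpy(&h, buf, sizeof(h));
    claimed = claimed_size(h.command_size, h.data_size);
    if (claimed != buf_len)
        return -1;                      /* header disagrees with allocation */
    return claimed > I2O_COMMAND_SIZE ? (long)I2O_COMMAND_SIZE : (long)claimed;
}

/* Builds a constructed command of buf_len bytes and validates it. */
static long check_constructed(uint8_t cmd, uint16_t data, size_t buf_len)
{
    static unsigned char buf[1 << 17];  /* constructed sample storage */
    struct dot_command_header h = { 0, cmd, data, 0, 0 };

    memcpy(buf, &h, sizeof(h));
    return buf_len <= sizeof(buf) ? validate_dot_command(buf, buf_len) : -1;
}

int main(void)
{
    /* Inflated header on a 16-byte buffer must be rejected. */
    return check_constructed(255, 65535, 16) == -1 ? 0 : 1;
}
```

With both fields at their maximum, the header alone claims 6 + 255 + 65535 = 65796 bytes, which is the "up to ~65 KB" figure in the summary.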

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches when available
  • Restrict root access on systems using IBM ASM (Advanced Systems Management) hardware
  • Monitor for anomalous ibmasm driver activity or service processor communication failures
  • Review systems with ibmasm kernel module loaded for unauthorized access

Evidence notes

CVE description confirms root-privilege requirement and heap over-read mechanism. Kernel commit references indicate stable backports. No CVSS score assigned by NVD at time of disclosure.
