PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46091 Linux CVE debrief

A DMA coherency vulnerability in the Linux kernel's igorplugusb remote control driver has been resolved. The USB request structure used in control requests could be subject to DMA on some host controllers without obeying DMA coherency rules, potentially leading to memory corruption or unstable behavior. The fix allocates the USB request structure separately to ensure proper DMA coherency compliance.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux system administrators, kernel maintainers, and users of systems with IgorPlug USB remote control receivers

Technical summary

The igorplugusb driver in the Linux kernel's media subsystem failed to properly handle DMA coherency requirements for USB request structures during control transfers. On host controllers that perform DMA on these structures, this violation of coherency rules could result in memory corruption, data inconsistency, or system instability. The resolution allocates the USB request structure separately to ensure it complies with DMA coherency requirements.

Defensive priority

medium

Recommended defensive actions

  • Review kernel version and confirm whether the igorplugusb driver is in use
  • Apply kernel updates containing the referenced stable commits when available
  • Monitor distribution security advisories for backported fixes
  • Consider disabling the igorplugusb driver if not required and patches are unavailable

Evidence notes

The vulnerability description indicates this is a resolved Linux kernel issue in the media/rc/igorplugusb driver. The fix involves proper DMA coherency handling for USB request structures during control transfers. Multiple stable kernel commits are referenced, suggesting backports to various kernel versions.

Official resources

public