PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46190 Linux CVE debrief

A vulnerability in the Linux kernel's SPI NOR flash driver debugfs interface could allow out-of-bounds memory reads. The issue stems from an incorrect size calculation when passing an array of flag names to a helper function.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-30
Advisory published
2026-05-28
Advisory updated
2026-05-30

Who should care

Linux system administrators, embedded device manufacturers using SPI NOR flash, and security teams monitoring kernel vulnerabilities

Technical summary

The spi_nor_params_show() function in the Linux kernel's MTD SPI NOR driver incorrectly uses sizeof() on an array of string pointers when passing the element count to spi_nor_print_flags(). sizeof() yields the array's size in bytes, so on 64-bit systems (8-byte pointers) the bounds check uses 8 times the actual element count, permitting out-of-bounds reads whenever a flag bit index exceeds the true array size but remains within the inflated byte count. The fix replaces sizeof() with ARRAY_SIZE() to pass the correct element count.
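The sizeof()-versus-ARRAY_SIZE() confusion described above, as an added illustration that is not the kernel's code and not part of the PatchSiren debrief: the flag-name table, the bit pattern and the helper names (buggy_count, correct_count, oob_lookups, print_flags) are all constructed for this example. It models the helper's bounds check as a count of accepted bit indices rather than dereferencing anything, so it shows which lookups the inflated count would wrongly admit without performing an out-of-bounds read itself.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed flag-name table standing in for the driver's array of string
 * pointers (assumption: the real table differs; only the pattern matters). */
static const char *const flag_names[] = {
    "FLAG_A", "FLAG_B", "FLAG_C", "FLAG_D",
};

/* Same idiom the kernel's ARRAY_SIZE() expresses: element count, not bytes. */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Count the buggy call site effectively passes: sizeof() of the whole array
 * is its byte size, i.e. ARRAY_SIZE * sizeof(char *), 8x too large on 64-bit. */
size_t buggy_count(void)   { return sizeof(flag_names); }

/* Count the fixed call site passes. */
size_t correct_count(void) { return ARRAY_SIZE(flag_names); }

/* Model of the helper's bounds check: a set bit i is looked up in the table
 * only when i < count. Returns how many set bits pass that check. */
int accepted_indexes(unsigned long flags, size_t count)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(flags) * 8; i++)
        if ((flags & (1UL << i)) && i < count)
            n++;
    return n;
}

/* Set bits the check admits although they lie past the real table: each one
 * is an out-of-bounds read of names[] in the buggy version, none in the fix. */
int oob_lookups(unsigned long flags, size_t count)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(flags) * 8; i++)
        if ((flags & (1UL << i)) && i < count && i >= ARRAY_SIZE(flag_names))
            n++;
    return n;
}

/* Printer that only dereferences indices the supplied count admits; it is
 * safe exactly when the caller passes the element count, as the fix does. */
void print_flags(unsigned long flags, const char *const *names, size_t count)
{
    for (size_t i = 0; i < count && i < sizeof(flags) * 8; i++)
        if (flags & (1UL << i))
            printf(" %s", names[i]);
    printf("\n");
}

int main(void)
{
    /* Constructed flag word: bit 1 is a real entry, bit 5 is past the table. */
    unsigned long flags = (1UL << 1) | (1UL << 5);

    printf("sizeof() count: %zu, ARRAY_SIZE() count: %zu\n",
           buggy_count(), correct_count());
    printf("out-of-bounds lookups with sizeof() count:     %d\n",
           oob_lookups(flags, buggy_count()));
    printf("out-of-bounds lookups with ARRAY_SIZE() count: %d\n",
           oob_lookups(flags, correct_count()));
    printf("flags:");
    print_flags(flags, flag_names, correct_count());
    return 0;
}
```

Compiled on a 64-bit host, buggy_count() reports 32 against a real table of 4 entries, and bit 5 is admitted by the inflated check; with the ARRAY_SIZE() count the same bit is rejected. When reviewing similar code, the check to apply is whether a count parameter receives sizeof(array) (bytes) where the callee indexes elements.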

Defensive priority

Medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the fix for CVE-2026-46190
  • Verify that debugfs is mounted with restrictive permissions or disabled if not required for production systems
  • Monitor kernel logs for any unusual debugfs access patterns
  • Review local access controls to limit exposure of debugfs interfaces

Evidence notes

The vulnerability was identified by Sashiko and reported via the Linux kernel mailing list. The fix has been committed to multiple stable kernel branches.

Official resources

2026-05-28