PatchSiren cyber security CVE debrief
CVE-2026-46286 Linux CVE debrief
A vulnerability has been resolved in the Linux kernel, specifically in the leds: qcom-lpg module. The issue arises from an array overflow when selecting high resolution values. The FIELD_GET() function is used to pull from a 3-bit register, but the array being indexed only has 5 values. To prevent potential issues, proper checks have been added to ensure that the array index is within bounds.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Users of the Linux kernel, particularly those using the leds: qcom-lpg module, should be aware of this vulnerability and ensure that they are running the patched version of the kernel.
Technical summary
The vulnerability is caused by an array overflow in the leds: qcom-lpg module. FIELD_GET() is used to extract a 3-bit register field, which can hold values 0 through 7, but the array being indexed has only 5 values, so a field value of 5 or more indexes past the end of the array. This could potentially lead to random data being read and used to set up chip values.
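The indexing pattern described above, as an added example rather than the driver's own code: a userspace C sketch that puts the unchecked lookup next to a bounds-checked one. The table name, its values, the register bytes and the helper macros are constructed stand-ins, and the kernel's FIELD_GET() is replaced by a plain mask.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel helpers; all names are hypothetical. */
#define HI_RES_FIELD_MASK 0x7u /* 3-bit field, bits [2:0]: values 0..7 */
#define HI_RES_FIELD_GET(reg) ((unsigned int)(reg) & HI_RES_FIELD_MASK)
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed table with 5 entries, matching the count in the advisory. */
static const unsigned int hi_res_table[5] = { 10, 20, 30, 40, 50 };

/* Unchecked pattern: field values 5..7 read past the end of the table.
 * Kept for comparison only; it is never called here. */
unsigned int lookup_unchecked(uint8_t reg)
{
    return hi_res_table[HI_RES_FIELD_GET(reg)];
}

/* Checked pattern: returns 0 and stores the entry, or -1 when the
 * field value has no corresponding table entry. */
int lookup_checked(uint8_t reg, unsigned int *out)
{
    unsigned int idx = HI_RES_FIELD_GET(reg);

    if (idx >= ARRAY_SIZE(hi_res_table))
        return -1;
    *out = hi_res_table[idx];
    return 0;
}

/* Counts the encodings of the 3-bit field that the table cannot serve. */
unsigned int count_unmapped_encodings(void)
{
    unsigned int n = 0, tmp;

    for (unsigned int v = 0; v <= HI_RES_FIELD_MASK; v++)
        if (lookup_checked((uint8_t)v, &tmp) != 0)
            n++;
    return n;
}

int main(void)
{
    printf("unmapped encodings: %u of 8\n", count_unmapped_encodings());
    return 0;
}
```

Three of the eight possible field values have no table entry, which is why the index has to be validated against the array size rather than trusted because it came through a mask.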
Defensive priority
Medium
Recommended defensive actions
- Update to the latest version of the Linux kernel
- Ensure that the leds: qcom-lpg module is patched
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found in the source references [ref-4], [ref-5], [ref-6], [ref-7], and [ref-8].
Official resources
- CVE-2026-46286 CVE record: CVE.org
- CVE-2026-46286 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67