PatchSiren cyber security CVE debrief

CVE-2026-46289 Linux CVE debrief

A vulnerability was discovered in the Linux kernel's lib/scatterlist, specifically in the extract_kvec_to_sg function. The bug allowed the length of an sglist entry to exceed the number of bytes in a page when extracting from a kvec. Additionally, when extracting a user buffer, the sglist was temporarily used as a scratch buffer for extracted page pointers, potentially overlapping with existing entries. The vulnerability was introduced in kernel v6.3 and moved to lib/scatterlist.c in v6.5. The fix is marked for backports to v6.5+.

Vendor: Linux
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-08
Original CVE updated: 2026-06-14
Advisory published: 2026-06-08
Advisory updated: 2026-06-14

Who should care

Anyone running a Linux kernel version prior to v6.5.

Technical summary

The vulnerability is in the extract_kvec_to_sg function of lib/scatterlist. It was introduced in kernel v6.3 and moved to lib/scatterlist.c in v6.5. The bug could allow the length of an sglist entry to exceed the number of bytes in a page when extracting from a kvec. When extracting a user buffer, the sglist is temporarily used as a scratch buffer for the extracted page pointers, and that scratch region could overlap existing sglist entries.

Defensive priority

High

Recommended defensive actions

  • Apply the patch or update to a Linux kernel version that includes the fix (v6.5 or later).
  • Review and test patches provided by Linux distribution vendors for backports to earlier kernel versions.

Evidence notes

The CVE was published on 2026-06-08 and modified on 2026-06-14. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.
