PatchSiren cyber security CVE debrief

CVE-2026-46307 Linux CVE debrief

CVE-2026-46307 is a HIGH severity vulnerability (CVSS 8.3) in the Linux kernel's ath5k wireless driver: an out-of-bounds array write in the transmit-status path. On 5212 (AR5212-class) hardware the final-rate index 'ts->ts_final_idx' can be 3, and the driver then executes 'info->status.rates[ts->ts_final_idx + 1].idx = -1;' to terminate the rate list. The 'rates' array is declared as 'struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];' with '#define IEEE80211_TX_MAX_RATES 4', so index 4 is one element past the end of the array. The fix writes the 'idx = -1' sentinel only when the target index is less than the array size.

Vendor
Linux
Product
Unknown
CVSS
HIGH 8.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-08
Original CVE updated
2026-06-14
Advisory published
2026-06-08
Advisory updated
2026-06-14

Who should care

Anyone running a Linux kernel with the ath5k driver loaded (Atheros AR5xxx-series wireless cards) is affected. The out-of-bounds write lands one element past the fixed-size rates array on the driver's transmit-status path and its effect is described as negligible, but it is still a memory-safety defect in kernel code and should be patched rather than tolerated.

Technical summary

The bug is an out-of-bounds array write in the ath5k driver's transmit-status handling. After a frame completes, the hardware reports in 'ts->ts_final_idx' which entry of the multi-rate retry series was the last one tried; on 5212 (AR5212-class) hardware that index can be 3. The driver fills 'info->status.rates[]' with the rates it used and then writes an 'idx = -1' sentinel into the slot after the last used rate so that mac80211 knows where the list ends: 'info->status.rates[ts->ts_final_idx + 1].idx = -1;'. The array is declared as 'struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];' with '#define IEEE80211_TX_MAX_RATES 4', so when 'ts_final_idx' is 3 the sentinel goes to 'rates[4]', one element past the end of the array. When all four slots are in use no sentinel is needed, because the consumer stops at the array bound anyway; the fix therefore writes the sentinel only if 'ts_final_idx + 1' is less than 'IEEE80211_TX_MAX_RATES'.
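The following is an added illustration of the defect described in the summary above and in the technical summary; it is not the ath5k driver's or mac80211's own code. The struct names ('tx_rate', 'tx_status', 'ath5k_tx_status'), the hypothetical 'ts_retry' field and rate table, and the fill/walk helpers are simplified stand-ins for the kernel's 'ieee80211_tx_rate', 'ieee80211_tx_info' and ath5k's tx status. The pre-fix sentinel write is only checked arithmetically rather than executed, since actually writing 'rates[4]' would be undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IEEE80211_TX_MAX_RATES 4   /* same value as the real mac80211 constant */

/* Simplified stand-in for struct ieee80211_tx_rate. */
struct tx_rate {
    signed char idx;      /* rate index; -1 terminates the list (mac80211 convention) */
    unsigned char count;  /* attempts made at this rate */
};

/* Simplified stand-in for the status part of struct ieee80211_tx_info. */
struct tx_status {
    struct tx_rate rates[IEEE80211_TX_MAX_RATES];
};

/* Simplified stand-in for ath5k's tx status; ts_retry is hypothetical. */
struct ath5k_tx_status {
    unsigned int ts_final_idx;                        /* 0..3 on AR5212 */
    unsigned char ts_retry[IEEE80211_TX_MAX_RATES];   /* per-rate attempt counts */
};

/* Does the pre-fix sentinel write rates[ts_final_idx + 1] fall outside the
 * array? True exactly when ts_final_idx == 3 (index 4 of a 4-element array). */
bool sentinel_write_is_oob(unsigned int ts_final_idx)
{
    return ts_final_idx + 1 >= IEEE80211_TX_MAX_RATES;
}

/* Post-fix behaviour: copy the rates actually used, then place the idx = -1
 * sentinel only when a slot for it exists. Returns 1 if the sentinel was
 * written, 0 if all four slots were in use and no sentinel was needed. */
int fill_tx_status_fixed(struct tx_status *st, const struct ath5k_tx_status *ts,
                         const signed char *rate_idx /* hypothetical rate table */)
{
    unsigned int i;

    memset(st, 0, sizeof(*st));
    for (i = 0; i <= ts->ts_final_idx && i < IEEE80211_TX_MAX_RATES; i++) {
        st->rates[i].idx = rate_idx[i];
        st->rates[i].count = ts->ts_retry[i];
    }
    if (ts->ts_final_idx + 1 < IEEE80211_TX_MAX_RATES) {
        st->rates[ts->ts_final_idx + 1].idx = -1;
        return 1;
    }
    return 0;
}

/* Consumer side, walking the list the way mac80211 does: stop at a negative
 * idx or at the array bound. With all four slots used the bound alone ends
 * the walk, which is why the sentinel is unnecessary in that case. */
int count_rates_used(const struct tx_status *st)
{
    int n = 0;

    while (n < IEEE80211_TX_MAX_RATES && st->rates[n].idx >= 0)
        n++;
    return n;
}

int main(void)
{
    /* constructed sample: four-entry retry series, final index 3 */
    static const signed char table[IEEE80211_TX_MAX_RATES] = { 7, 5, 3, 0 };
    struct ath5k_tx_status ts = { 3, { 1, 1, 1, 2 } };
    struct tx_status st;
    int wrote = fill_tx_status_fixed(&st, &ts, table);

    printf("final_idx=%u oob_before_fix=%d sentinel_written=%d rates_used=%d\n",
           ts.ts_final_idx, (int)sentinel_write_is_oob(ts.ts_final_idx),
           wrote, count_rates_used(&st));
    return 0;
}
```

Running it with 'ts_final_idx' set to 3 reports that the pre-fix write would have been out of bounds, that the fixed path wrote no sentinel, and that the consumer still sees exactly four rates; with a smaller final index the sentinel is written in-bounds and the walk stops there.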

Defensive priority

HIGH

Recommended defensive actions

  • Apply the upstream fix, which bounds-checks 'ts_final_idx + 1' against 'IEEE80211_TX_MAX_RATES' before writing the 'idx = -1' sentinel in the ath5k driver.
  • Run a supported kernel release that carries the fix; until then, the exposure is limited to systems with the ath5k module loaded.

Evidence notes

The vulnerability was reported by Vincent and resolved by setting the 'idx = -1' sentinel only if the array index is less than the array size.

Official resources

CVE-2026-46307 was published on 2026-06-08T17:16:49.547Z and modified on 2026-06-14T06:16:23.983Z.