CVE-2026-43380
Modified Modified - Updated After Analysis
Stack Overflow in Linux Kernel PMBus q54sj108a2 Driver

Publication date: 2026-05-08

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read The q54sj108a2_debugfs_read function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex(). The function currently passes 'data' as the destination and 'data_char' as the source. Because bin2hex() converts each input byte into two hex characters, a 32-byte block read results in 64 bytes of output. Since 'data' is only 34 bytes (I2C_SMBUS_BLOCK_MAX + 2), this writes 30 bytes past the end of the buffer onto the stack. Additionally, the arguments were swapped: it was reading from the zero-initialized 'data_char' and writing to 'data', resulting in all-zero output regardless of the actual I2C read. Fix this by: 1. Expanding 'data_char' to 66 bytes to safely hold the hex output. 2. Correcting the bin2hex() argument order and using the actual read count. 3. Using a pointer to select the correct output buffer for the final simple_read_from_buffer call.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-20
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43380
EUVD
EUVD-2026-28686
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack buffer overflow in the Linux kernel's hwmon subsystem, specifically in the pmbus/q54sj108a2 driver within the debugfs read function.

The issue arises because the function q54sj108a2_debugfs_read incorrectly passes arguments to the bin2hex() function, swapping the source and destination buffers.

bin2hex() converts each input byte into two hexadecimal characters, so a 32-byte input results in 64 bytes of output. However, the destination buffer 'data' is only 34 bytes long, causing 30 bytes to be written beyond the buffer's end on the stack, leading to a stack buffer overflow.

Additionally, because the arguments were swapped, the function was reading from a zero-initialized buffer and writing to a smaller buffer, resulting in incorrect all-zero output regardless of the actual I2C read.

The fix involved expanding the output buffer size, correcting the argument order to bin2hex(), and properly selecting the output buffer for the final read operation.

Impact Analysis

This vulnerability can lead to a stack buffer overflow, which may cause the Linux kernel to crash or behave unpredictably.

In some cases, stack buffer overflows can be exploited by attackers to execute arbitrary code with kernel privileges, potentially compromising system security.

Additionally, the incorrect output caused by the argument swap could lead to misleading or incorrect data being read from the hardware monitoring interface.

Mitigation Strategies

The vulnerability is fixed by updating the Linux kernel to a version where the q54sj108a2_debugfs_read function has been corrected.

  • Apply the patch that expands the 'data_char' buffer to 66 bytes to safely hold the hex output.
  • Ensure the bin2hex() function arguments are correctly ordered, using the actual read count.
  • Use the corrected pointer to select the appropriate output buffer for the final simple_read_from_buffer call.

In practice, this means updating your Linux kernel to the fixed version released on or after 2026-05-08.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43380. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart