CVE-2026-45896
Awaiting Analysis Awaiting Analysis - Queue
Array Index Out of Bounds in Linux Kernel MTD Intel-DG Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: [] UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15 [] index 0 is out of range for type '<unknown> [*]' Fix it by also fixing an undesired behavior: the loop silently ignores ENOMEM and continues setting the other entries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45896
EUVD
EUVD-2026-32362
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mtd: intel-dg driver. The issue arises because the regions array is accessed before the variable nregions, which counts the number of regions, is set. This leads to an out-of-bounds array access, as indicated by the UBSAN warning about an array-index-out-of-bounds error at a specific line in the source code.

Additionally, the code had an undesired behavior where a loop would silently ignore ENOMEM (out of memory) errors and continue setting other entries, which has also been fixed.

Impact Analysis

This vulnerability in the Linux kernel's mtd: intel-dg driver involves accessing regions before the number of regions (nregions) is set, leading to an out-of-bounds array access. This can cause undefined behavior such as memory corruption or system instability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45896. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart