CVE-2026-46190
Out-of-Bounds Read in Linux Kernel MTD SPI-NOR Debugfs
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the Linux kernel's spi-nor debugfs component, specifically in the function spi_nor_params_show().
The issue arises because the code uses sizeof() on an array of pointers (snor_f_names) to determine the length of the array. Since sizeof() returns the total byte size of the pointers rather than the number of elements, on 64-bit systems this results in an inflated length value that is 8 times larger than intended.
This inflated length is then used for bounds checking in spi_nor_print_flags(), which can cause the function to read beyond the actual array bounds if certain flag bits are set.
The fix involves using ARRAY_SIZE() to correctly pass the actual number of elements in the array, preventing the out-of-bounds read.
How can this vulnerability impact me? :
An out-of-bounds read vulnerability can lead to the kernel reading memory beyond the intended array boundaries.
This can potentially cause information disclosure if sensitive data is read, or lead to system instability or crashes.
However, the specific impact depends on how the spi-nor debugfs interface is used and whether an attacker can trigger the out-of-bounds read.