CVE-2026-46205
Modified - Updated After Analysis
Disallow Private IOCTLs in Linux Kernel

Publication date: 2026-05-28

Last updated on: 2026-06-15

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

staging: media: atomisp: Disallow all private IOCTLs

Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in the beginning of the function if cmd is non-zero in order to keep static checkers happy.

Meta Information

Published: 2026-05-28
Last Modified: 2026-06-15
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16

Affected Vendors & Products

Showing 7 associated CPEs

| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| linux | linux_kernel | From 5.16 (inc) to 6.1.175 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.209 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.140 (exc) |
| linux | linux_kernel | From 4.12 (inc) to 5.10.258 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.32 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.90 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 7.0.9 (exc) |

CWE ID: CWE-UNKNOWN

Mitigation Strategies

The vulnerability is addressed by disallowing all private IOCTLs in the Linux kernel's atomisp media staging code. To mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix, which disables private IOCTLs by returning early if the command is non-zero.
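
The following is an added example, not part of the original advisory: a version check that compares a kernel release string against the affected ranges in the CPE table on this page. It assumes upstream stable version numbering; vendor kernels that backport fixes without changing the base version need to be checked against the vendor's own advisory, and the function names are illustrative.

```python
import platform
import re

# Affected ranges copied from the CPE table on this page:
# (first affected version, inclusive), (first fixed version, exclusive).
AFFECTED_RANGES = [
    ((4, 12, 0), (5, 10, 258)),
    ((5, 11, 0), (5, 15, 209)),
    ((5, 16, 0), (6, 1, 175)),
    ((6, 2, 0), (6, 6, 140)),
    ((6, 7, 0), (6, 12, 90)),
    ((6, 13, 0), (6, 18, 32)),
    ((6, 19, 0), (7, 0, 9)),
]


def parse_release(release):
    """Parse the leading X.Y[.Z] of a `uname -r` string into a 3-tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level (e.g. "7.0") is treated as .0
    return tuple(int(g or 0) for g in m.groups())


def check(release):
    """Return (affected, first_fixed_version) for a kernel release string."""
    ver = parse_release(release)
    for start, fixed in AFFECTED_RANGES:
        # Tuple comparison implements "from start (inc) to fixed (exc)".
        if start <= ver < fixed:
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    rel = platform.release()  # same string as `uname -r` on Linux
    affected, fixed = check(rel)
    if affected:
        print(f"{rel}: in an affected range, fixed in {fixed} on that branch")
    else:
        print(f"{rel}: not in any affected range listed for this CVE")
```

A positive result only matters on systems where the atomisp staging driver is actually built and loaded, since the fix is confined to that driver.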

Executive Summary

This vulnerability involves the Linux kernel's media subsystem, specifically the atomisp driver in the staging area. The issue is related to private IOCTL (Input/Output Control) commands, which are not considered as safe as expected. To address this, all private IOCTLs have been disallowed by returning early in the function if the command is non-zero, effectively disabling these potentially unsafe operations while keeping the code structure intact for static analysis tools.

Impact Analysis

The vulnerability could allow unsafe or unintended operations through private IOCTL commands in the atomisp media driver, potentially leading to security risks such as unauthorized access or system instability. By disallowing these private IOCTLs, the risk of exploitation is mitigated, improving the security posture of the Linux kernel.
