CVE-2026-46190

Source
https://cve.org/CVERecord?id=CVE-2026-46190
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46190.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46190
Downstream
Related
Published
2026-05-28T09:36:44.017Z
Modified
2026-07-15T01:49:14.634819526Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
Details

In the Linux kernel, the following vulnerability has been resolved:

mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparams_show()

Sashiko noticed an out-of-bounds read [1].

In spinorparamsshow(), the snorfnames array is passed to spinorprintflags() using sizeof(snorfnames).

Since snorfnames is an array of pointers, sizeof() returns the total number of bytes occupied by the pointers (element_count * sizeof(void *)) rather than the element count itself. On 64-bit systems, this makes the passed length 8x larger than intended.

Inside spinorprintflags(), the 'nameslen' argument is used to bounds-check the 'names' array access. An out-of-bounds read occurs if a flag bit is set that exceeds the array's actual element count but is within the inflated byte-size count.

Correct this by using ARRAY_SIZE() to pass the actual number of string pointers in the array.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46190.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0257be79fc4a16a3252ce80aa13b3640f728c425
Fixed
231b8e1f604f6e0a7e100536f506cdf482e2c5f5
Fixed
9a80c458320e0514e11945402dd6e48fcee05524
Fixed
ca18c180b053f6ce80394322b314ac721c316af7
Fixed
34bdcfb496b29f9a52431194f94473b37fb8c162
Fixed
c0b654bc0b76a1da102d9138be1ed1223bd99310
Fixed
e47029b977e747cb3a9174308fd55762cce70147

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46190.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46190.json"