目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2026-46147— Linux kernel 安全漏洞

AI Predicted 5.5 Difficulty: Moderate EPSS 0.13% · P3

Possible ATT&CK Techniques 1AI

T1629

Affected Version Matrix 8

ベンダープロダクトVersion Rangeステータス
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 7d3c27b54253cda91dc4d2c1bfc109c490837ab9affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 6d69c0ed978f7f0efd053fc98390f25ab77c1aeaaffected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 73b9c1e5da84cd69b1a86e374e450817cd051371affected
< 6.18.30affected
< 7.0.7affected
6.18.30≤ 6.18.*unaffected
7.0.7≤ 7.0.*unaffected
7.1≤ *unaffected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-46147の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup path jumps to 'unlock' without calling unpin_host_vcpu() or unpin_host_sve_state(), permanently leaking pin references on the host vCPU and SVE state pages. Extract a register_hyp_vcpu() helper that performs the checks and the store. When register_hyp_vcpu() returns an error, call unpin_host_vcpu() and unpin_host_sve_state() inline before falling through to the existing 'unlock' label. 2. register_hyp_vcpu() publishes the new vCPU pointer into 'hyp_vm->vcpus[]' with a bare store, allowing a concurrent caller of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU object. Ensure the store uses smp_store_release() and the load uses smp_load_acquire(). While 'vm_table_lock' currently serialises the store and the load, these barriers ensure the reader sees the fully initialised 'hyp_vcpu' object even if there were a lockless path or if the lock's own ordering guarantees were insufficient for nested object initialization.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于KVM arm64中__pkvm_init_vcpu()函数存在引脚泄漏和发布顺序问题,可能导致引脚引用泄漏和并发访问未完全初始化的vCPU对象。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ~ 7d3c27b54253cda91dc4d2c1bfc109c490837ab9 -
LinuxLinux 6.18.30 ~ 6.18.* -

II. CVE-2026-46147の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-46147のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-46147 补丁与修复 (3)

Same Patch Batch · Linux · 2026-05-28 · 136 CVEs total

CVE-2026-461359.8 CRITICALnvmet-tcp: fix race between ICReq handling and queue teardown
CVE-2026-461379.8 CRITICALmptcp: pm: ADD_ADDR rtx: fix potential data-race
CVE-2026-461959.8 CRITICALsmb: client: validate dacloffset before building DACL pointers
CVE-2026-461159.8 CRITICALblock: add pgmap check to biovec_phys_mergeable
CVE-2026-461859.1 CRITICALsmb/client: fix out-of-bounds read in symlink_data()
CVE-2026-461199.1 CRITICALlibceph: Fix slab-out-of-bounds access in auth message processing
CVE-2026-461559.1 CRITICALsmb/client: fix out-of-bounds read in smb2_compound_op()
CVE-2026-461748.8 HIGHx86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
CVE-2026-461988.8 HIGHbatman-adv: fix integer overflow on buff_pos
CVE-2026-461258.8 HIGHwifi: mac80211: remove station if connection prep fails
CVE-2026-461528.8 HIGHwifi: mac80211: drop stray 'static' from fast-RX rx_result
CVE-2026-462388.8 HIGHbatman-adv: stop caching unowned originator pointers in BAT IV
CVE-2026-461138.8 HIGHKVM: x86: Fix shadow paging use-after-free due to unexpected GFN
CVE-2026-462128.8 HIGHbatman-adv: bla: prevent use-after-free when deleting claims
CVE-2026-461668.8 HIGHwifi: mac80211: use safe list iteration in radar detect work
CVE-2026-462328.1 HIGHHID: playstation: Clamp num_touch_reports
CVE-2026-461388.1 HIGHBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
CVE-2026-461817.8 HIGHRDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
CVE-2026-462017.8 HIGHdrm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
CVE-2026-462107.8 HIGHmedia: iris: fix use-after-free of fmt_src during MBPF check

Showing 20 of 136 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2026-46147へのコメント

まだコメントはありません


コメントを残す