目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1325 CNY

100%
コーヒーを一杯おごる

CVE-2026-46148— Linux kernel 安全漏洞

EPSS 0.12% · P2

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 8

ベンダープロダクトVersion Rangeステータス
LinuxLinux8596124c4c1bc7561454cee0463c16eca70b5d25< 998f43196d732f20f9b71eb6ebd973736c9fa911affected
8596124c4c1bc7561454cee0463c16eca70b5d25< ee3c99aa102212ad59dc2c19595515c4a6729307affected
8596124c4c1bc7561454cee0463c16eca70b5d25< 7672749e1496215e8683ce57cf323119033954cfaffected
6.1affected
< 6.1unaffected
6.18.30≤ 6.18.*unaffected
7.0.7≤ 7.0.*unaffected
7.1≤ *unaffected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-46148の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
spi: microchip-core-qspi: control built-in cs manually
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when the number of bytes written to the TOTALBYTES field of the FRAMES register have been sent on the bus. Additional devices must use GPIOs for their chip selects. It was reported to me that if there are two devices attached to this QSPI controller that the in-built chip select is set low while linux tries to access the device attached to the GPIO. This went undetected as the boards that connected multiple devices to the SPI controller all exclusively used GPIOs for chip selects, not relying on the built-in chip select at all. It turns out that this was because the built-in chip select, when controlled automagically, is set low when active and high when inactive, thereby ruling out its use for active-high devices or devices that need to transmit with the chip select disabled. Modify the driver so that it controls chip select directly, retaining the behaviour for mem_ops of setting the chip select active for the entire duration of the transfer in the exec_op callback. For regular transfers, implement the set_cs callback for the core to use. As part of this, the existing setup callback, mchp_coreqspi_setup_op(), is removed. Modifying the CLKIDLE field is not safe to do during operation when there are multiple devices, so this code is removed entirely. Setting the MASTER and ENABLE fields is something that can be done once at probe, it doesn't need to be re-run for each device. Instead the new setup callback sets the built-in chip select to its inactive state for active-low devices, as the reset value of the chip select in software controlled mode is low.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于spi microchip-core-qspi中内置片选自动控制问题,可能导致访问其他设备时片选被错误拉低。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux 8596124c4c1bc7561454cee0463c16eca70b5d25 ~ 998f43196d732f20f9b71eb6ebd973736c9fa911 -
LinuxLinux 6.1 -

II. CVE-2026-46148の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-46148のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-46148 补丁与修复 (3)

Same Patch Batch · Linux · 2026-05-28 · 136 CVEs total

CVE-2026-461359.8 CRITICALnvmet-tcp: fix race between ICReq handling and queue teardown
CVE-2026-461379.8 CRITICALmptcp: pm: ADD_ADDR rtx: fix potential data-race
CVE-2026-461959.8 CRITICALsmb: client: validate dacloffset before building DACL pointers
CVE-2026-461159.8 CRITICALblock: add pgmap check to biovec_phys_mergeable
CVE-2026-461859.1 CRITICALsmb/client: fix out-of-bounds read in symlink_data()
CVE-2026-461199.1 CRITICALlibceph: Fix slab-out-of-bounds access in auth message processing
CVE-2026-461559.1 CRITICALsmb/client: fix out-of-bounds read in smb2_compound_op()
CVE-2026-461748.8 HIGHx86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
CVE-2026-461988.8 HIGHbatman-adv: fix integer overflow on buff_pos
CVE-2026-461258.8 HIGHwifi: mac80211: remove station if connection prep fails
CVE-2026-461528.8 HIGHwifi: mac80211: drop stray 'static' from fast-RX rx_result
CVE-2026-462388.8 HIGHbatman-adv: stop caching unowned originator pointers in BAT IV
CVE-2026-461138.8 HIGHKVM: x86: Fix shadow paging use-after-free due to unexpected GFN
CVE-2026-462128.8 HIGHbatman-adv: bla: prevent use-after-free when deleting claims
CVE-2026-461668.8 HIGHwifi: mac80211: use safe list iteration in radar detect work
CVE-2026-462328.1 HIGHHID: playstation: Clamp num_touch_reports
CVE-2026-461388.1 HIGHBluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
CVE-2026-461817.8 HIGHRDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
CVE-2026-462017.8 HIGHdrm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
CVE-2026-462107.8 HIGHmedia: iris: fix use-after-free of fmt_src during MBPF check

Showing 20 of 136 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Linux
同じベンダー: Linux

V. CVE-2026-46148へのコメント

まだコメントはありません

コメントを残す