CVE-2026-46211— Linux kernel 安全漏洞
Possible ATT&CK Techniques 3AI
T1068 · Exploitation for Privilege Escalation T1135 · Network Share Discovery T1211 · Exploitation for StealthAffected Version Matrix 10
| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| Linux | Linux | 9902cb999e4e913d98e8afe4b36c08e4a793e1ce< 697e1a9559f6962f999cc4c748c2ffffcc0a7a7a | affected |
9902cb999e4e913d98e8afe4b36c08e4a793e1ce< c57c861956b89f2e2528e6384d51e2dedd915809 | affected | ||
9902cb999e4e913d98e8afe4b36c08e4a793e1ce< b079e85c91f446f29e808d8291189e897f1884ff | affected | ||
9902cb999e4e913d98e8afe4b36c08e4a793e1ce< 47cbfe2608314b833ad61a65827d8fb363bc2d2d | affected | ||
6.8 | affected | ||
< 6.8 | unaffected | ||
6.12.90≤ 6.12.* | unaffected | ||
6.18.32≤ 6.18.* | unaffected | ||
| … +2 more rows | |||
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-46211の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata()
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() msm_ioctl_gem_info_get_metadata() always returns 0 regardless of errors. When copy_to_user() fails or the user buffer is too small, the error code stored in ret is ignored because the function unconditionally returns 0. This causes userspace to believe the ioctl succeeded when it did not. Additionally, kmemdup() can return NULL on allocation failure, but the return value is not checked. This leads to a NULL pointer dereference in the subsequent copy_to_user() call. Add the missing NULL check for kmemdup() and return ret instead of 0. Note that the SET counterpart (msm_ioctl_gem_info_set_metadata) correctly returns ret. Patchwork: https://patchwork.freedesktop.org/patch/714478/
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于drm/msm/gem中错误处理不当,可能导致空指针取消引用。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2026-46211の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-46211のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-46211 补丁与修复 (4)
Same Patch Batch · Linux · 2026-05-28 · 136 CVEs total
| CVE-2026-46135 | 9.8 CRITICAL | nvmet-tcp: fix race between ICReq handling and queue teardown |
| CVE-2026-46137 | 9.8 CRITICAL | mptcp: pm: ADD_ADDR rtx: fix potential data-race |
| CVE-2026-46115 | 9.8 CRITICAL | block: add pgmap check to biovec_phys_mergeable |
| CVE-2026-46195 | 9.8 CRITICAL | smb: client: validate dacloffset before building DACL pointers |
| CVE-2026-46155 | 9.1 CRITICAL | smb/client: fix out-of-bounds read in smb2_compound_op() |
| CVE-2026-46119 | 9.1 CRITICAL | libceph: Fix slab-out-of-bounds access in auth message processing |
| CVE-2026-46185 | 9.1 CRITICAL | smb/client: fix out-of-bounds read in symlink_data() |
| CVE-2026-46125 | 8.8 HIGH | wifi: mac80211: remove station if connection prep fails |
| CVE-2026-46166 | 8.8 HIGH | wifi: mac80211: use safe list iteration in radar detect work |
| CVE-2026-46198 | 8.8 HIGH | batman-adv: fix integer overflow on buff_pos |
| CVE-2026-46174 | 8.8 HIGH | x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache |
| CVE-2026-46238 | 8.8 HIGH | batman-adv: stop caching unowned originator pointers in BAT IV |
| CVE-2026-46152 | 8.8 HIGH | wifi: mac80211: drop stray 'static' from fast-RX rx_result |
| CVE-2026-46212 | 8.8 HIGH | batman-adv: bla: prevent use-after-free when deleting claims |
| CVE-2026-46113 | 8.8 HIGH | KVM: x86: Fix shadow paging use-after-free due to unexpected GFN |
| CVE-2026-46232 | 8.1 HIGH | HID: playstation: Clamp num_touch_reports |
| CVE-2026-46138 | 8.1 HIGH | Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt |
| CVE-2026-46157 | 7.8 HIGH | ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger |
| CVE-2026-46129 | 7.8 HIGH | btrfs: fix double free in create_space_info() error path |
| CVE-2026-46227 | 7.8 HIGH | sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL |
Showing 20 of 136 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-52910
bpf: Free reuseport cBPF prog after RCU grace period. - CVE-2026-52909
ip6_vti: set netns_immutable on the fallback device. - CVE-2026-52908
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible - CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corru - CVE-2026-52907
media: rockchip: rkcif: fix off by one bugs
同じベンダー: Linux
- CVE-2026-52910
bpf: Free reuseport cBPF prog after RCU grace period. - CVE-2026-52909
ip6_vti: set netns_immutable on the fallback device. - CVE-2026-52908
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible - CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corru - CVE-2026-52907
media: rockchip: rkcif: fix off by one bugs
V. CVE-2026-46211へのコメント
まだコメントはありません