{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46001", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.091Z", "datePublished": "2026-05-27T12:55:56.128Z", "dateUpdated": "2026-05-27T12:55:56.128Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:55:56.128Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()\n\nFix two bugs in pt5161l_read_block_data():\n\n1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf[24],\n but i2c_smbus_read_block_data() can return up to\n I2C_SMBUS_BLOCK_MAX (32) bytes. The i2c-core copies the data into\n the caller's buffer before the return value can be checked, so\n the post-read length validation does not prevent a stack overrun\n if a device returns more than 24 bytes. Resize the buffer to\n I2C_SMBUS_BLOCK_MAX.\n\n2. Unexpected positive return on length mismatch: When all three\n retries are exhausted because the device returns data with an\n unexpected length, i2c_smbus_read_block_data() returns a positive\n byte count. The function returns this directly, and callers treat\n any non-negative return as success, processing stale or incomplete\n buffer contents. Return -EIO when retries are exhausted with a\n positive return value, preserving the negative error code on I2C\n failure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/pt5161l.c"], "versions": [{"version": "1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4", "lessThan": "7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e", "status": "affected", "versionType": "git"}, {"version": "1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4", "lessThan": "95d48e37a1304d6148406c799479c0fb505aefa7", "status": "affected", "versionType": "git"}, {"version": "1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4", "lessThan": "a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c", "status": "affected", "versionType": "git"}, {"version": "1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4", "lessThan": "24c73e93d6a756e1b8626bb259d2e07c5b89b370", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/pt5161l.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e"}, {"url": "https://git.kernel.org/stable/c/95d48e37a1304d6148406c799479c0fb505aefa7"}, {"url": "https://git.kernel.org/stable/c/a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c"}, {"url": "https://git.kernel.org/stable/c/24c73e93d6a756e1b8626bb259d2e07c5b89b370"}], "title": "hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()\n\nFix two bugs in pt5161l_read_block_data():\n\n1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf[24],\n but i2c_smbus_read_block_data() can return up to\n I2C_SMBUS_BLOCK_MAX (32) bytes. The i2c-core copies the data into\n the caller's buffer before the return value can be checked, so\n the post-read length validation does not prevent a stack overrun\n if a device returns more than 24 bytes. Resize the buffer to\n I2C_SMBUS_BLOCK_MAX.\n\n2. Unexpected positive return on length mismatch: When all three\n retries are exhausted because the device returns data with an\n unexpected length, i2c_smbus_read_block_data() returns a positive\n byte count. The function returns this directly, and callers treat\n any non-negative return as success, processing stale or incomplete\n buffer contents. Return -EIO when retries are exhausted with a\n positive return value, preserving the negative error code on I2C\n failure."}], "id": "CVE-2026-46001", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:17.760", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/24c73e93d6a756e1b8626bb259d2e07c5b89b370"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95d48e37a1304d6148406c799479c0fb505aefa7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data()", "id": "2481906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481906"}, "csaw": false, "cwe": "CWE-131", "details": ["A flaw was found in the Linux kernel's hwmon pt5161l driver. The `pt5161l_read_block_data()` function is vulnerable to a buffer overrun, where it can receive more data than its allocated buffer size. This can lead to memory corruption. Additionally, the function may return an unexpected positive value on length mismatch, causing callers to process incomplete or stale data."], "name": "CVE-2026-46001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46001\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46001\nhttps://lore.kernel.org/linux-cve-announce/2026052742-CVE-2026-46001-8d51@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4,7eccabff1c9ec15e4b6fe186d5c147b13a9cdb4e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4,95d48e37a1304d6148406c799479c0fb505aefa7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4,a11aa9c5fd9dfe62be7cfec1f2a7546afb77254c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2ca93cd0592b1fcbc6f8b64e02552bc15f4bb4,24c73e93d6a756e1b8626bb259d2e07c5b89b370)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.9)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.86,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.27,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T18:45:39.823083+00:00", "updated": "2026-05-28T03:15:05.803497+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-119", "CWE-131", "CWE-20"]}