{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46332", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.113Z", "datePublished": "2026-06-09T12:36:00.450Z", "dateUpdated": "2026-06-09T12:36:00.450Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-09T12:36:00.450Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: gb-beagleplay: bound bootloader receive buffering\n\ncc1352_bootloader_rx() appends each serdev chunk into the fixed\nrx_buffer before parsing bootloader packets. The helper can keep\nleftover bytes between callbacks and may receive multiple packets in one\ncallback, so a single count value is not constrained by one packet\nlength.\n\nCheck that the incoming chunk fits in the remaining receive buffer space\nbefore memcpy(). If it does not, drop the staged data and consume the\nbytes instead of overflowing rx_buffer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/greybus/gb-beagleplay.c"], "versions": [{"version": "0cf7befa3ea2e7284d8ba5b8f45a546865b09edb", "lessThan": "663c2728a6d0f781044431111b53a27f71027e48", "status": "affected", "versionType": "git"}, {"version": "0cf7befa3ea2e7284d8ba5b8f45a546865b09edb", "lessThan": "fb91d4e49fcbea0b5091394ac5b8f7d4124265c3", "status": "affected", "versionType": "git"}, {"version": "0cf7befa3ea2e7284d8ba5b8f45a546865b09edb", "lessThan": "0339a746ff7cd3f9d10f565e89c99dc93191e58d", "status": "affected", "versionType": "git"}, {"version": "0cf7befa3ea2e7284d8ba5b8f45a546865b09edb", "lessThan": "1214bf28965ceaf584fb20d357731264dd2e10e1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/greybus/gb-beagleplay.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/663c2728a6d0f781044431111b53a27f71027e48"}, {"url": "https://git.kernel.org/stable/c/fb91d4e49fcbea0b5091394ac5b8f7d4124265c3"}, {"url": "https://git.kernel.org/stable/c/0339a746ff7cd3f9d10f565e89c99dc93191e58d"}, {"url": "https://git.kernel.org/stable/c/1214bf28965ceaf584fb20d357731264dd2e10e1"}], "title": "greybus: gb-beagleplay: bound bootloader receive buffering", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: gb-beagleplay: bound bootloader receive buffering\n\ncc1352_bootloader_rx() appends each serdev chunk into the fixed\nrx_buffer before parsing bootloader packets. The helper can keep\nleftover bytes between callbacks and may receive multiple packets in one\ncallback, so a single count value is not constrained by one packet\nlength.\n\nCheck that the incoming chunk fits in the remaining receive buffer space\nbefore memcpy(). If it does not, drop the staged data and consume the\nbytes instead of overflowing rx_buffer."}], "id": "CVE-2026-46332", "lastModified": "2026-06-09T14:16:42.817", "metrics": {}, "published": "2026-06-09T14:16:42.817", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0339a746ff7cd3f9d10f565e89c99dc93191e58d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1214bf28965ceaf584fb20d357731264dd2e10e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/663c2728a6d0f781044431111b53a27f71027e48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb91d4e49fcbea0b5091394ac5b8f7d4124265c3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: greybus: gb-beagleplay: bound bootloader receive buffering", "id": "2486995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486995"}, "csaw": false, "cwe": "CWE-120", "details": ["A flaw was found in the Linux kernel's Greybus subsystem, specifically in the `gb-beagleplay` driver. The `cc1352_bootloader_rx()` function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This unbounded buffering can lead to an `rx_buffer` overflow, potentially resulting in memory corruption and a denial of service."], "name": "CVE-2026-46332", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46332\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46332\nhttps://lore.kernel.org/linux-cve-announce/2026060911-CVE-2026-46332-c9a0@gregkh/T"]}