Metrics
Affected Vendors & Products
Tue, 16 Jun 2026 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-125 | |
| CPEs | cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* |
|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 01 Jun 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Thu, 28 May 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-119 CWE-120 |
Thu, 28 May 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1284 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 27 May 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-119 CWE-120 |
Wed, 27 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write() handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the buffer against the dot command protocol before passing it to get_dot_command_size() and get_dot_command_timeout(). Since both the allocation size (count) and the header fields (command_size, data_size) are independently user-controlled, an attacker can cause get_dot_command_size() to return a value exceeding the allocation, triggering OOB reads in get_dot_command_timeout() and an out-of-bounds memcpy_toio() that leaks kernel heap memory to the service processor. Fix with two guards: reject writes smaller than sizeof(struct dot_command_header) before allocation, then after copying user data reject commands where the buffer is smaller than the total size declared by the header (sizeof(header) + command_size + data_size). This ensures all subsequent header and payload field accesses stay within the buffer. | |
| Title | ibmasm: fix OOB reads in command_file_write due to missing size checks | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
|
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-06-14T17:46:55.731Z
Reserved: 2026-05-13T15:03:33.091Z
Link: CVE-2026-45994
No data.
Status : Analyzed
Published: 2026-05-27T14:17:16.970
Modified: 2026-06-17T10:52:51.927
Link: CVE-2026-45994
OpenCVE Enrichment
Updated: 2026-06-18T02:15:15Z