HOMEVULNERABILITIESCVE-2026-46022
NONE

CVE-2026-46022

Published: May 27, 2026· Updated: Jun 1, 2026

Official Description

In the Linux kernel, the following vulnerability has been resolved:

misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()

ibmasm_handle_mouse_interrupt() performs an out-of-bounds MMIO read

when the queue reader or writer index from hardware exceeds

REMOTE_QUEUE_SIZE (60).

A compromised service processor can trigger this by writing an

out-of-range value to the reader or writer MMIO register before

asserting an interrupt. Since writer is re-read from hardware on

every loop iteration, it can also be set to an out-of-range value

after the loop has already started.

The root cause is that get_queue_reader() and get_queue_writer() return

raw readl() values that are passed directly into get_queue_entry(),

which computes:

queue_begin + reader * sizeof(struct remote_input)

with no bounds check. This unchecked MMIO address is then passed to

memcpy_fromio(), reading 8 bytes from unintended device registers.

For sufficiently large values the address falls outside the PCI BAR

mapping entirely, triggering a machine check exception.

Fix by checking both indices against REMOTE_QUEUE_SIZE at the top of

the loop body, before any call to get_queue_entry(). On an out-of-range

value, reset the reader register to 0 via set_queue_reader() before

breaking, so that normal queue operation can resume if the corrupted

hardware state is transient.

NVD Source

Technical Analysis

CVE-2026-46022 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (8)

Quick Facts

CVE IDCVE-2026-46022
SeverityNONE
CISA KEVNo
PublishedMay 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46022 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.