HOMEVULNERABILITIESCVE-2026-46156
NONE

CVE-2026-46156

Published: May 28, 2026· Updated: Jun 1, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:5.2th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()

The switch case in loongson_gpu_fixup_dma_hang() may not DC2 or DC3, and

readl(crtc_reg) will access with random address, because the "device" is

from "base+PCI_DEVICE_ID", "base" is from "pdev->devfn+1". This is wrong

when my platform inserts a discrete GPU:

lspci -tv

-[0000:00]-+-00.0 Loongson Technology LLC Hyper Transport Bridge Controller

...

+-06.0 Loongson Technology LLC LG100 GPU

+-06.2 Loongson Technology LLC Device 7a37

...

Add a default switch case to fix the panic as below:

Kernel ade access[#1]:

CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.136-loong64-desktop-hwe+ #4

pc 90000000017e5534 ra 90000000017e54c0 tp 90000001002f8000 sp 90000001002fb6c0

a0 80000efe00003100 a1 0000000000003100 a2 0000000000000000 a3 0000000000000002

a4 90000001002fb6b4 a5 900000087cdb58fd a6 90000000027af000 a7 0000000000000001

t0 00000000000085b9 t1 000000000000ffff t2 0000000000000000 t3 0000000000000000

t4 fffffffffffffffd t5 00000000fffb6d9c t6 0000000000083b00 t7 00000000000070c0

t8 900000087cdb4d94 u0 900000087cdb58fd s9 90000001002fb826 s0 90000000031c12c8

s1 7fffffffffffff00 s2 90000000031c12d0 s3 0000000000002710 s4 0000000000000000

s5 0000000000000000 s6 9000000100053000 s7 7fffffffffffff00 s8 90000000030d4000

ra: 90000000017e54c0 loongson_gpu_fixup_dma_hang+0x40/0x210

ERA: 90000000017e5534 loongson_gpu_fixup_dma_hang+0xb4/0x210

CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)

PRMD: 00000004 (PPLV0 +PIE -PWE)

EUEN: 00000000 (-FPE -SXE -ASXE -BTE)

ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)

ESTAT: 00480000 [ADEM] (IS= ECode=8 EsubCode=1)

BADV: 7fffffffffffff00

PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV)

Modules linked in:

Process swapper/0 (pid: 1, threadinfo=(____ptrval____), task=(____ptrval____))

Stack : 0000000000000006 90000001002fb778 90000001002fb704 0000000000000007

0000000016a65700 90000000017e5690 000000000000ffff ffffffffffffffff

900000000209f7c0 9000000100053000 900000000209f7a8 9000000000eebc08

0000000000000000 0000000000000000 0000000000000006 90000001002fb778

90000001000530b8 90000000027af000 0000000000000000 9000000100054000

9000000100053000 9000000000ebb70c 9000000100004c00 9000000004000001

90000001002fb7e4 bae765461f31cb12 0000000000000000 0000000000000000

0000000000000006 90000000027af000 0000000000000030 90000000027af000

900000087cd6f800 9000000100053000 0000000000000000 9000000000ebc560

7a2500147cdaf720 bae765461f31cb12 0000000000000001 0000000000000030

...

Call Trace:

[<90000000017e5534>] loongson_gpu_fixup_dma_hang+0xb4/0x210

[<9000000000eebc08>] pci_fixup_device+0x108/0x280

[<9000000000ebb70c>] pci_setup_device+0x24c/0x690

[<9000000000ebc560>] pci_scan_single_device+0xe0/0x140

[<9000000000ebc684>] pci_scan_slot+0xc4/0x280

[<9000000000ebdd00>] pci_scan_child_bus_extend+0x60/0x3f0

[<9000000000f5bc94>] acpi_pci_root_create+0x2b4/0x420

[<90000000017e5e74>] pci_acpi_scan_root+0x2d4/0x440

[<9000000000f5b02c>] acpi_pci_root_add+0x21c/0x3a0

[<9000000000f4ee54>] acpi_bus_attach+0x1a4/0x3c0

[<90000000010e200c>] device_for_each_child+0x6c/0xe0

[<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70

[<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0

[<90000000010e200c>] device_for_each_child+0x6c/0xe0

[<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70

[<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0

[<9000000000f5211c>] acpi_bus_scan+0x6c/0x280

[<900000000189c028>] acpi_scan_init+0x194/0x310

[<900000000189bc6c>] acpi_init+0xcc/0x140

[<9000000000220cdc>] do_one_initcall+0x4c/0x310

[<90000000018618fc>] kernel_init_freeable+0x258/0x2d4

[<900000000184326c>] kernel_init+0x28/0x13c

[<9000000000222008>] ret_from_kernel_thread+0xc/0xa4

NVD Source

Technical Analysis

CVE-2026-46156 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-46156
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 28, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46156 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.