Description
In the Linux kernel, the following vulnerability has been resolved:

mtd: intel-dg: Fix accessing regions before setting nregions

The regions array is counted by nregions, but it's set only after
accessing it:

[] UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15
[] index 0 is out of range for type '<unknown> [*]'

Fix it by also fixing an undesired behavior: the loop silently ignores
ENOMEM and continues setting the other entries.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s MTD Intel DG driver contains an array‑index‑out‑of‑bounds bug that occurs when it reads the 'regions' array before the 'nregions' counter is initialized, causing a UBSAN error and potentially corrupting kernel memory. Based on the description, it is inferred that an attacker capable of interacting with the vulnerable code path could trigger the out‑of‑bounds access and exploit it to corrupt memory. The patch also corrects silent ENOMEM handling so the driver no longer ignores allocation failures.

Affected Systems

All unpatched Linux kernel releases that ship the mtd_intel_dg.c driver are affected, as the CPE covers the entire Linux kernel and no specific version range is listed; every distribution that has the vulnerable code before the fix is in scope.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, but the index‑out‑of‑bounds nature in kernel space indicates high risk for memory corruption. Based on the description, it is inferred that the likely attack vector involves an attacker interacting with the mtd_intel_dg driver (for example, by creating or accessing MTD partitions) to trigger the out‑of‑bounds condition. This could allow a local attacker with write access to the driver to cause kernel crashes or potentially gain elevated privileges; exploitation requires loading or using the driver, so local or remote scenarios are possible depending on system configuration.

Generated by OpenCVE AI on May 27, 2026 at 19:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the mtd_intel_dg.c patch that correctly initializes nregions before accessing the array.
  • If a kernel upgrade cannot be performed immediately, unload or disable the mtd_intel_dg module to prevent its execution.
  • Monitor system logs for kernel panics or UBSAN array-index-out-of-bounds messages and verify that the kernel is free of such failures after applying a patch.

Generated by OpenCVE AI on May 27, 2026 at 19:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-129

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: [] UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd_intel_dg.c:750:15 [] index 0 is out of range for type '<unknown> [*]' Fix it by also fixing an undesired behavior: the loop silently ignores ENOMEM and continues setting the other entries.
Title mtd: intel-dg: Fix accessing regions before setting nregions
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:06.332Z

Reserved: 2026-05-13T15:03:33.083Z

Link: CVE-2026-45896

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:03.860

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45896

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T19:15:26Z

Weaknesses