Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (powerz) Avoid cacheline sharing for DMA buffer

Depending on the architecture the transfer buffer may share a cacheline
with the following mutex. As the buffer may be used for DMA, that is
problematic.

Use the high-level DMA helpers to make sure that cacheline sharing can
not happen.

Also drop the comment, as the helpers are documentation enough.

https://sashiko.dev/#/message/20260408175814.934BFC19421%40smtp.kernel.org
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Linux kernel arises when a DMA buffer can share a cacheline with a mutex, causing a race condition between DMA operations and kernel synchronization. Because a DMA controller can read or write to the buffer simultaneously with mutex access, this can result in inconsistent or corrupted kernel data structures if exploited. The weakness is identified as CWE‑821, representing an improper isolation of shared buffers leading to data corruption.

Affected Systems

Any Linux kernel build that incorporates the hwmon powerz driver and does not apply the patch to avoid cacheline sharing between DMA buffers and mutexes is potentially affected. Since the CVE does not list explicit kernel versions, all releases prior to the inclusion of the fix in the source tree are at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% reflects a low probability of exploitation in the wild. The flaw would likely require privileged access or a malicious DMA controller to manipulate the kernel buffer concurrently with mutex activity. No public exploit is known and the vulnerability is not listed in CISA KEV, but the potential for memory corruption warrants prompt remediation.

Generated by OpenCVE AI on June 18, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that incorporates the DMA helper changes to prevent cacheline sharing
  • Rebuild or reload the hwmon powerz driver module using the updated DMA helper code
  • If a kernel update is not feasible, disable the powerz hwmon interface or restrict its access to privileged users only

Generated by OpenCVE AI on June 18, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8488-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8489-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8488-2 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8507-1 Linux kernel (NVIDIA) vulnerabilities
History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic. Use the high-level DMA helpers to make sure that cacheline sharing can not happen. Also drop the comment, as the helpers are documentation enough. https://sashiko.dev/#/message/20260408175814.934BFC19421%40smtp.kernel.org
Title hwmon: (powerz) Avoid cacheline sharing for DMA buffer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:47:37.205Z

Reserved: 2026-05-13T15:03:33.092Z

Link: CVE-2026-46007

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:18.470

Modified: 2026-06-17T10:52:53.330

Link: CVE-2026-46007

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46007 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T22:30:16Z

Weaknesses